After spending all your money on brand new computer hardware, you’re now torn over whether you should get legitimate but expensive Windows software, or save money by getting a cheap or free yet dangerous Windows activator.

Historically, going with the cheaper alternative — although risky — hasn’t been too damaging. Well, not until now.

A group of security researchers found that hackers have recently modified one of those Windows activators to carry malware that can apparently steal tokens from crypto wallets. The tool they are referring to is KMSPico, which is known to emulate a Key Management Services (KMS) server locally to activate Windows and Office licenses.

One of the KMSPico installers the research group analyzed came with Cryptbot malware, which apparently can steal credentials and other sensitive user information from the PC’s web browsers.


It can also affect tons of other crypto wallets like Atomic, Electrum, Exodus, Coinomi, Ledger Live, etc. What’s worse, it can be utilized to carry and distribute banking malware like Danabot and others.

If that’s not enough, the Cryptbot malware itself was designed by its creators to be hard to detect. It can evade detection by traditional antivirus software.

This development proves something we have already known for years: going the piracy route is dangerous, especially if you plan on keeping very important things on your computer.

Via: Red Canary
