Windows Software Hackers Lose Bitcoin to Cryptbot Malware

0

Software hackers seeking a free copy of Microsoft Windows are met with malware-riddled “activation tools” that drain their crypto wallets.

According to a security research firm red canary (via PC World), system infections with the notorious Cryptbot malware have been traced to a fake installer of KMSPico, a tool used by software hackers to activate full functionality of Microsoft Windows and Office products without possessing a license key .

Since security tools usually block KMSPico as a potentially unwanted program (PUP), the software comes with instructions to disable antivirus and anti-malware software, allowing Cryptobot to run rampant on the system.

Once introduced to a system, Cryptbot scans it for credentials and other sensitive information, including cryptocurrency wallets. Cryptbot’s list of risky wallets is long and includes the likes of Electrum, MoneroExodus and Ledger Live, as well as other applications such as web browsers (including Google Chrome, Mozilla Firefox, Brave and Opera).

Because the KMSPico installer leverages Windows Key Management Services (KMS), a legitimate technology used for bulk licensing on corporate networks, some IT departments that actually had legitimate licenses allegedly used the illicit tool to activate their systems, inadvertently corrupting their systems with Cryptbot.

Malware Targets Crypto

Considering the lucrative potential rewards involved in cryptocurrency, malware has always been a thorn in the side of crypto users. Schemes range from crypto-mining malware that hogs system resources to fraudulent crypto applications designed to secure users’ private keys.

In a recent case, a man sued the parents of two teenagers who he claims used malware to steal $800,000 from Bitcoin.

In the case of the infected KMSPico installer, taking shortcuts and trying to access the software without paying a license could prove extremely costly for crypto users.

https://decrypt.co/87899/windows-software-pirates-are-losing-their-bitcoin-cryptbot-malware

Subscribe to decryption newsletters!

Get the best stories curated daily, weekly highlights and deep dives straight to your inbox.


Source link

Share.

About Author

Comments are closed.