
Windows Software Pirates Are Losing Their Bitcoin to Cryptbot Malware

decrypt.co 09 December 2021 13:50, UTC

Software pirates looking to score a free copy of Microsoft Windows are running afoul of malware-riddled "activation tools" that empty their crypto wallets.

According to security research firm Red Canary (via PC World), infections of systems with the well-known Cryptbot malware have been traced back to a fake KMSPico installer—a tool used by software pirates to activate the full features of Microsoft Windows and Office products without owning a license key.

Since security tools usually block KMSPico as a Potentially Unwanted Program (PUP), the installer comes with instructions to disable antivirus and anti-malware software—allowing Cryptbot to run rampant on the system.
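Because the fake installer relies on users switching off their own antivirus, the state a defender most wants to verify on a Windows machine is whether Microsoft Defender is still protecting it. The following PowerShell check is an added example, not code from the article or from Red Canary; it assumes the built-in Defender module (Get-MpComputerStatus, Get-MpPreference) and the Defender operational event log are available, and that a signature age over seven days is the local threshold worth flagging.

```powershell
# Added example (not from the article): summarise Microsoft Defender protection state
# so a "disable your antivirus" step, like the one the fake KMSPico installer asks for,
# leaves a visible trace. Assumes the built-in Defender PowerShell module.

function Get-DefenderProtectionReport {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    $findings = @()
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($pref.DisableRealtimeMonitoring)        { $findings += 'DisableRealtimeMonitoring preference is set' }
    if (-not $status.IsTamperProtected)         { $findings += 'Tamper Protection is off' }
    if ($pref.ExclusionPath) {
        # Exclusions are a common way malware is told to stay "invisible" to the scanner.
        $findings += "Path exclusions present: $($pref.ExclusionPath -join ', ')"
    }

    # Stale signatures suggest updates were blocked or the service was stopped for a while.
    $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($sigAge.TotalDays -gt 7) { $findings += "Signatures are $([int]$sigAge.TotalDays) days old" }

    # Event 5001 in the Defender operational log is written when real-time protection is disabled.
    $disableEvents = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5001
    } -MaxEvents 5 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Healthy             = ($findings.Count -eq 0)
        Findings            = $findings
        RecentDisableEvents = @($disableEvents | ForEach-Object { $_.TimeCreated })
    }
}

Get-DefenderProtectionReport | Format-List
```

Run it from an elevated PowerShell session; a report with Healthy set to False, or with timestamps under RecentDisableEvents, is the cue to look at what was installed around that time.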

New malware analysis from @ForensicITGuy: #RCIntel recently analyzed a sample of Cryptbot and traced it back to a fake KMSPico installer. Here's what to look out for. https://t.co/Msj1M4cKOP

— Red Canary (@redcanary) December 2, 2021

Once introduced to a system, Cryptbot scours it for credentials and other sensitive information, including cryptocurrency wallets. The list of wallets at risk from Cryptbot is extensive and includes the likes of Electrum, Monero, Exodus, and Ledger Live, as well as other applications such as web browsers (including Google Chrome, Mozilla Firefox, Brave and Opera).

Since the KMSPico installer leverages Windows Key Management Services (KMS)—a legitimate technology used for bulk licensing across enterprise networks—some IT departments that actually had legitimate licenses reportedly used the illicit tool to activate their systems, inadvertently corrupting their systems with Cryptbot.


Malware targets crypto

Given the lucrative potential rewards involved in cryptocurrency, malware has been a perennial thorn in the side of crypto users. Schemes have ranged from crypto-mining malware that ties up system resources to fraudulent crypto apps designed to steal users' private keys.

In one recent case, a man sued the parents of two teenagers who he claims used malware to steal $800,000 worth of Bitcoin.


In the case of the infected KMSPico installer, taking shortcuts and trying to get access to software without shelling out for a license could end up being extremely costly for crypto users.
