Software can be expensive and this can lead some people to decide to pirate applications instead of purchasing their respective legal licenses. However, this practice can lead to several problems. Recently, Red Canary reported that a hacker group released a modified version of a popular piracy tool online to infect systems with the malware Cryptbot.
The tool in question is called KMSPico, which according to Red Canary is used for “activate all the features of Microsoft Windows and Office products without actually owning a license key“. Security tools usually block KMSPico, so instructions are often given to disable those protections, thus leaving systems vulnerable to malware.
Which brings us to Cryptbot. Red Canary stated that “harms organizations by stealing credentials and other sensitive information from affected systems“. The company said that much of that private data is taken from cryptocurrency-related software such as:
- Atomic cryptocurrency wallet
- Ledger Live cryptocurrency wallet
- Waves Client And Exchange cryptocurrency application
- Coinomi cryptocurrency wallet
- Jaxx Liberty cryptocurrency wallet
- Electron Cash cryptocurrency wallet
- Electrum cryptocurrency wallet
- Exodus cryptocurrency wallet
- Monero cryptocurrency wallet
- MultiBitHD cryptocurrency wallet
Red Canary said Cryptbot also tries to steal information from web browsers Google Chrome, Mozilla Firefox, Opera, Brave e Vivaldi and the system management tool CCleaner, however, the extensive list of wallet software targeted by Cryptbot makes it clear that crypto enthusiasts are high-value targets.
As far as protection against this scheme is concerned, it seems that the best option is not to download KMSPico in the first place. Red Canary said: “Save yourself the hassle and choose legitimate and supported activation methods.“