Date: 2021-12-08

Software can be expensive, and this can lead some people to pirate applications instead of purchasing legal licenses. However, this practice can lead to several problems. Recently, Red Canary reported that a hacker group released a modified version of a popular piracy tool online to infect systems with the Cryptbot malware.

The tool in question is called KMSPico, which according to Red Canary is used to “activate all the features of Microsoft Windows and Office products without actually owning a license key”. Security tools usually block KMSPico, so users are often instructed to disable those protections, which leaves systems vulnerable to malware.

Which brings us to Cryptbot. Red Canary stated that it “harms organizations by stealing credentials and other sensitive information from affected systems”. The company said that much of that private data is taken from cryptocurrency-related software such as:

Atomic cryptocurrency wallet

Ledger Live cryptocurrency wallet

Waves Client and Exchange cryptocurrency application

Coinomi cryptocurrency wallet

Jaxx Liberty cryptocurrency wallet

Electron Cash cryptocurrency wallet

Electrum cryptocurrency wallet

Exodus cryptocurrency wallet

Monero cryptocurrency wallet

MultiBitHD cryptocurrency wallet

Red Canary said Cryptbot also tries to steal information from the web browsers Google Chrome, Mozilla Firefox, Opera, Brave and Vivaldi, and from the system management tool CCleaner. However, the extensive list of wallet software targeted by Cryptbot makes it clear that crypto enthusiasts are high-value targets.

As far as protection against this scheme is concerned, it seems that the best option is not to download KMSPico in the first place. Red Canary said: “Save yourself the hassle and choose legitimate and supported activation methods.”