An infected variant of the KMSPico Windows activator containing malware is making the rounds on the internet. Cybersecurity researchers at Red Canary believe the malicious installer can steal user information from various cryptocurrency wallets and other applications. The infected KMSPico installer delivers Cryptbot, which steals data from cryptocurrency apps.
KMSPico is a well-known Microsoft product activator whose reputation has been stained before. It is used to pirate Microsoft software and save on licensing costs. However, it’s not worth the risk, as user information is at stake.
As per Red Canary’s blog post, the Cryptbot malware delivered by the infected activator can steal information from the following applications:
- Atomic cryptocurrency wallet
- Avast Secure web browser
- Brave browser
- Ledger Live cryptocurrency wallet
- Opera Web Browser
- Waves Client and Exchange cryptocurrency applications
- Coinomi cryptocurrency wallet
- Google Chrome web browser
- Jaxx Liberty cryptocurrency wallet
- Electron Cash cryptocurrency wallet
- Electrum cryptocurrency wallet
- Exodus cryptocurrency wallet
- Monero cryptocurrency wallet
- MultiBitHD cryptocurrency wallet
- Mozilla Firefox web browser
- CCleaner web browser
- Vivaldi web browser
While the list of apps is long and contains various popular browsers, Microsoft Edge isn’t on it. Edge gains an edge here in terms of security.
To evade licensing costs, organizations use the KMSPico activator to activate products fraudulently. “We’ve observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems,” said the blog post. Hence, using the malware-carrying KMSPico installer could prove to be extremely dangerous in these situations.
As a result, using activation software can be dangerous, and users should refrain from using it. For instance, organizations using KMSPico are at risk of losing cryptocurrency wallet data.