News Security

Hackers target Windows pirates with Cryptobot malware


Cryptobot, a cryptocurrency malware that steals wallet and account credentials, is now using the popular pirated Windows activation tool KMSPico to carry its way into the systems.

KMSPico tricks Windows Key Management Services into authenticating your copy of Windows as genuine. It also works with editions of Microsoft Office.

When a user downloads the infected software, Cryptobot is silently installed using background processes. Once in the system, Cryptobot starts collecting crypto wallet credentials and account details.

According to Red Canary, threat actors are targeting the “pirate community” by infecting the activation tool with Cryptobot. Red Canary’s Tony Lambert also stated that it is observed that several IT departments are using KMSPico instead of legitimate Microsoft licenses to activate systems.

Cryptobot also tries to steal information from Google Chrome, Mozilla Firefox, Opera, Brave, and Vivaldi web browsers and the CCleaner system management tool, which makes it clear that crypto enthusiasts are high-value targets.

Related posts

Windows 11 Review: Know How Microsoft’s Latest Operating System Is




JFrog Collaborates with the Rust Foundation to Root-out Open Source Software Vulnerabilities


Leave a Comment