Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.
This activity has been spotted by researchers at Red Canary, who warn that pirating software to save on licensing costs isn't worth the risk.
KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services (KMS) server to activate licenses fraudulently.
According to Red Canary, the number of IT departments using KMSPico instead of legitimate Microsoft software licenses is much bigger than one would expect.
"We've observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems," explained Red Canary intelligence analyst Tony Lambert.
"In fact, we even experienced one ill-fated incident response engagement where our IR partner could not remediate one environment due to the organization not having a single valid Windows license in the environment."
Tainted product activators
KMSPico is commonly distributed through pirated software and crack sites that wrap the tool in installers containing adware and malware.
There are numerous sites created to distribute KMSPico, all claiming to be the official site.
A malicious KMSPico installer analyzed by Red Canary comes in a self-extracting executable like 7-Zip and contains both an actual KMS server emulator and Cryptbot.
"The user becomes infected by clicking one of the malicious links and...
Read Full Story: https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/