Windows Software Pirates Are Losing Their Bitcoin to Cryptbot Malware

Software pirates looking to score a free copy of Microsoft Windows are running afoul of malware-riddled "activation tools" that empty their crypto wallets.

According to security research firm Red Canary (via PC World), infections of systems with the well-known Cryptbot malware have been traced back to a fake KMSPico installer—a tool used by software pirates to activate the full features of Microsoft Windows and Office products without owning a license key.

Since security tools usually block KMSPico as a Potentially Unwanted Program (PUP), the software comes with instructions to disable antivirus and anti-malware software—allowing Cryptobot to run rampant on the system.

Once introduced to a system, Cryptbot scours it for credentials and other sensitive information, including cryptocurrency wallets. The list of wallets at risk from Cryptbot is extensive and includes the likes of Electrum, Monero, Exodus, and Ledger Live, as well as other applications such as web browsers (including Google Chrome, Mozilla Firefox, Brave and Opera).

Since the KMSPico installer leverages Windows Key Management Services (KMS)—a legitimate technology used for bulk licensing across enterprise networks—some IT departments that actually had legitimate licenses reportedly used the illicit tool to activate their systems, inadvertently corrupting their systems with Cryptbot.

These Fake Crypto Apps Will Steal Your Bitcoin

Thousands of cryptocurrency users have reportedly been the victim of crypto apps that were advertised as legitimate, but secretly contained malware that infiltrated users’ computers and stole information, including cryptocurrency wallet keys. Security firm Intezer Labs discovered and extensively detailed the exploit, which it has dubbed ElectroRAT, in a report issued today. The malware was first discovered in December, although data from a pastebin used by the exploit suggests that it has been i...

Malware targets crypto

Given the lucrative potential rewards involved in cryptocurrency, malware has been a perennial thorn in the side of crypto users. Schemes have ranged from crypto-mining malware that ties up system resources to fraudulent crypto apps designed to setal users' private keys.

In one recent case, a man sued the parents of two teenagers who he claims used malware to steal $800,000 worth of Bitcoin.

How To Keep Your Bitcoin Safe And Secure

Keeping your Bitcoin safe might seem like a simple task, but as a myriad of thefts, phishing attacks, and exchange hacks prove—it's easier said than done. The majority of Bitcoin holders use one of four main types of cryptocurrency wallet: hardware, software, metal, and exchange wallets. Some are better than others for keeping your Bitcoin safe, but there are many ways to maximize your security regardless of which option you choose. Hardware wallets The Trezor, D'CENT and Ledger Nano X hardware...

In the case of the infected KMSPico installer, taking shortcuts and trying to get access to software without shelling out for a license could end up being extremely costly for crypto users.