Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator

Crypto wallet info can be hijacked by Windows activator (image: Executium/Unsplash)

The security researchers from Red Canary have identified another threat to your software cryptocurrency wallet of choice, and it is hiding in a popular Windows activator. The fake KMSPico installers work as intended for Microsoft Windows or Office activation, but they can also lodge into several popular crypto wallets and grab their credentials. Since KMSPico is piggybacking on Microsoft's own Windows Key Management Services (KMS) option, the security firm claims that even IT departments use it, potentially introducing crypto wallet malware to the unsuspecting machines they activate Microsoft software on.

Daniel Zlatev, Published 12/06/2021 🇮🇹 🇪🇸 ...

The security research firm Red Canary has flagged yet another scheme for digital asset investors to part with their hard-earned cryptocurrency wallet content. This time around, it involves a rogue Windows operating system activator called KMSPico. Hacky Windows activators have been floating on the Web for ages, riding on the Windows Key Management Services (KMS) coattails meant for mass enterprise activation. The KMSPico line is one of the most widespread, explaining the security firm's concern that a hidden malware can piggyback on this particular Windows activator line's popularity.

Unfortunately, some IT departments also use the KMSPico patches to activate their Windows or Microsoft Office licenses en masse for added comfort, thus introducing whatever malware a fake activator is carrying to all the machines within an organization. Those who downloaded an infected KMSPico file may not even notice as the activator inside is working as intended. The problem is that the faux installer contains the so-called cryptbot, which can work its way into many popular cryptocurrency wallets on your machine and hijack private information from there. Here's a list of the cryptocurrency wallet software that can be hacked by an infected KMSPico activator:

Atomic cryptocurrency wallet
Avast Secure web browser
Brave browser Ledger
Live cryptocurrency wallet
Opera Web Browser
Waves Client and Exchange cryptocurrency applications
Coinomi cryptocurrency wallet
Google Chrome web browser
Jaxx Liberty cryptocurrency wallet
Electron Cash cryptocurrency wallet
Electrum cryptocurrency wallet
Exodus cryptocurrency wallet
Monero cryptocurrency wallet
MultiBitHD cryptocurrency wallet
Mozilla Firefox web browser
CCleaner web browser
Vivaldi web browser

As you can see, the list contains some rather popular crypto wallets that a faux KMSPico activator can wiggle its way into, not to mention the most popular browser of them all. Keep this in mind the next time you download its files, and they get flagged as containing malware by your antivirus software of choice; this time around the threat could be real. Alternatively, you can grab a secure hardware wallet like the Ledger Nano X on Amazon, and get on your merry activation ways of dubious legality.

Source(s)

Red Canary

Microsoft is a cyber security threat (Source: DALL·E 3-generated image)

Microsoft considered a national security risk by former White House cyber policy director 04/22/2024

Over 100 malicious signed Windows drivers blocked by Microsoft 07/12/2023

The new Ledger Nano S Plus crypto hardware wallet offers most Nano X features on the cheap 04/10/2022

Scams and crypto-malware are more rampant than ever. (Image Source: Comodo cWatch)

New Mars Stealer malware targets Chrome-based browser crypto wallets 02/04/2022

A team of researchers has developed a malware detection system for Raspberry Pi. (Image source: Jainath Ponnala via Unsplash)

Researchers build novel malware detection system for Raspberry Pi 01/13/2022

The Quantum Pendant is one of ten products found to emit low levels of ionising radiation. (Image source: ANVS Netherlands)

Nuclear Safety authority discovers 5G-blocking bracelets, pendants and other products are actually radioactive 12/20/2021

The bitcoin mining farm was wrecked by a fire. (Image source: Citylife - edited)

One for the gamers: Crypto mining farm perishes in conflagration in Thailand 12/19/2021

Apple has deleted all references to its CSAM initiative. (Image source: Jeremy Bezanger)

Apple pulls controversial CSAM plans to scan the Photos app in iOS and iPadOS for nude pictures of children from its website 12/16/2021

Microsoft will finally release a Windows 11 update which fixes slower than usual SSD write speeds (Image: Microsoft)

Windows 11 update includes bugfix which enables faster SSD write speeds 12/10/2021

Besides billions of Shiba Inu coins, crypto hackers managed to steal more than 20 other cryptocurrencies from the crypto exchange BitMart (Image: Shiba Inu Token)

Hackers steal 893 billion Shiba Inu coins and other Ethereum-based cryptocurrencies worth US$150 million 12/08/2021

Over US$120 million has been stolen from cryptocurrency wallets linked to BadgerDAO. (Image source: Art Rachen on Unsplash)

Over US$120 million has been stolen from multiple cryptocurrency wallets connected to BadgerDAO 12/03/2021

Crypto exchange execs to face Congress for the first time as the SEC pushes registration 12/02/2021

Obscure Omicron coin named like the COVID-19 variant defies the general crypto market crash 11/28/2021

Hamilton Police arrested a suspected youth involved in a cryptocurrency theft of CAD$46 million. (Image: Michael Förtsch via Unsplash)

A Canadian adolescent was arrested in connection with an alleged CAD$46 million cryptocurrency robbery. 11/25/2021

Due to the new law that includes mandatory reports of crypto transactions, the IRS could confiscate a record amount of cryptocurrencies in the coming years (Image: Bermix Studio)

Hundreds of newly hired IRS special agents could hunt down crypto criminals in the US as the authority expects to seize cryptocurrencies worth billions of dollars due to new taxation law 11/18/2021

Coinbase notification scam steals US$11 million in bitcoin from a crypto account in 10 minutes 11/02/2021

Read all 2 comments / answer

Loading Comments

Comment on this article

Samsung releases Android 12 and One...

Xiaomi 12X: Mini flagship to launch...

Daniel Zlatev - Senior Tech Writer - 1188 articles published on Notebookcheck since 2021

Wooed by tech since the industrial espionage of Apple computers and the times of pixelized Nintendos, Daniel went and opened a gaming club when personal computers and consoles were still an expensive rarity. Nowadays, fascination is not with specs and speed but rather the lifestyle that computers in our pocket, house, and car have shoehorned us in, from the infinite scroll and the privacy hazards to authenticating every bit and move of our existence.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2021 12 > Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator

Daniel Zlatev, 2021-12- 6 (Update: 2021-12- 6)

Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator

Source(s)

Related Articles