Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator

Crypto wallet info can be hijacked by Windows activator (image: Executium/Unsplash)
Crypto wallet info can be hijacked by Windows activator (image: Executium/Unsplash)
The security researchers from Red Canary have identified another threat to your software cryptocurrency wallet of choice, and it is hiding in a popular Windows activator. The fake KMSPico installers work as intended for Microsoft Windows or Office activation, but they can also lodge into several popular crypto wallets and grab their credentials. Since KMSPico is piggybacking on Microsoft's own Windows Key Management Services (KMS) option, the security firm claims that even IT departments use it, potentially introducing crypto wallet malware to the unsuspecting machines they activate Microsoft software on.

The security research firm Red Canary has flagged yet another scheme for digital asset investors to part with their hard-earned cryptocurrency wallet content. This time around, it involves a rogue Windows operating system activator called KMSPico. Hacky Windows activators have been floating on the Web for ages, riding on the Windows Key Management Services (KMS) coattails meant for mass enterprise activation. The KMSPico line is one of the most widespread, explaining the security firm's concern that a hidden malware can piggyback on this particular Windows activator line's popularity.

Unfortunately, some IT departments also use the KMSPico patches to activate their Windows or Microsoft Office licenses en masse for added comfort, thus introducing whatever malware a fake activator is carrying to all the machines within an organization. Those who downloaded an infected KMSPico file may not even notice as the activator inside is working as intended. The problem is that the faux installer contains the so-called cryptbot, which can work its way into many popular cryptocurrency wallets on your machine and hijack private information from there. Here's a list of the cryptocurrency wallet software that can be hacked by an infected KMSPico activator:

  • Atomic cryptocurrency wallet
  • Avast Secure web browser
  • Brave browser Ledger
  • Live cryptocurrency wallet
  • Opera Web Browser
  • Waves Client and Exchange cryptocurrency applications
  • Coinomi cryptocurrency wallet
  • Google Chrome web browser
  • Jaxx Liberty cryptocurrency wallet
  • Electron Cash cryptocurrency wallet
  • Electrum cryptocurrency wallet
  • Exodus cryptocurrency wallet
  • Monero cryptocurrency wallet
  • MultiBitHD cryptocurrency wallet
  • Mozilla Firefox web browser
  • CCleaner web browser
  • Vivaldi web browser

As you can see, the list contains some rather popular crypto wallets that a faux KMSPico activator can wiggle its way into, not to mention the most popular browser of them all. Keep this in mind the next time you download its files, and they get flagged as containing malware by your antivirus software of choice; this time around the threat could be real. Alternatively, you can grab a secure hardware wallet like the Ledger Nano X on Amazon, and get on your merry activation ways of dubious legality.


Read all 2 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Daniel Zlatev
Daniel Zlatev - Tech Writer - 261 articles published on Notebookcheck since 2021
Wooed by tech since the industrial espionage of Apple computers and the times of pixelized Nintendos, Daniel went and opened a gaming club when personal computers and consoles were still an expensive rarity. Nowadays, fascination is not with specs and speed but rather the lifestyle that computers in our pocket, house, and car have shoehorned us in, from the infinite scroll and the privacy hazards to authenticating every bit and move of our existence.
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 12 > Security firm flags crypto wallet credentials malware tucked into a hacky KMSPico Windows activator
Daniel Zlatev, 2021-12- 6 (Update: 2021-12- 6)