Topic: KMSPico Malicious Windows Activator Stealing Crypto (Read 220 times)

sr. member
Activity: 1610
Merit: 264
No wonder I often hear from my friends that they're getting BSODs, and I just can't help them as the BSOD didn't indicate any "What failed" below the Stop Code. Moving forward a couple of months, they just told me that their PC was fixed and they didn't know how a clean install fixed it.
legendary
Activity: 2212
Merit: 7064
I’ve been going over the detailed report, as well as other sites that reference the report, but I haven’t been able to decode to a greater detail the real impact of "Cryptbot is capable of collecting sensitive information from the following applications:". Namely, I was trying to determine the exact information it retrieves on web wallets, and non-web based software such as Ledger Live.
I have one suggestion for you if you want to be sure of this: find KMSPico with Cryptobot malware, download it and install it on your Windows OS (you can use VirtualBox), then you can test how it works.

If you want to pirate Windows, use Microsoft Activation scripts - it's open source and is very popular, so a lot of people have reviewed the code.
Development of these scripts is temporarily suspended and the last update was back in 2020, so I doubt this is keeping up with the latest versions of Windows.
Linux is also open source, you don't need to do any mumbo jumbo, and you will not be monitored like when you use Windows.

It has caught my attention that you mention Ledger Live but not Trezor Suite.
To be honest, I did not expect to see hardware wallet related software affected by malware this way.
Trezor Suite is relatively new software that only recently came out of beta testing, so that may be the real reason why it's not on this list.

member
Activity: 518
Merit: 30
What? Oh my God, thanks for sharing this, OP, because I used to activate my Windows OS using free Windows activators like KMSPico. This is why it's better to always purchase your keys instead; if you can pay for antivirus and VPN services, why not a Windows key?
hero member
Activity: 1442
Merit: 775
If you want to pirate Windows, use Microsoft Activation scripts - it's open source and is very popular, so a lot of people have reviewed the code.
Is it free to use? Is the activation code permanently used? This topic makes me fearful because I do not use paid Windows and am using a cracked one.

I know there is Ubuntu or Linux, but I am not familiar with those OSes.
legendary
Activity: 3668
Merit: 6382
It could be a big deal if you use it for work (especially for presentations or screen sharing) or multimedia which uses the whole screen.

Indeed, however if one uses it for something productive, he can already make the step of buying a "second hand" license at under $10, which are more and more popular now.
And the rest can just simply use it with watermark.

I always assume people are talking about Office 365 when they're talking about online office. I didn't know Microsoft also offers a free version with some limitations.

Indeed, it's 365.
And that's my point: far too many people don't know about these free options. They are not advertised, since usually nobody pays for advertising a product that doesn't earn money, and far too many end up with malware just because they've assumed that the OS/programs they need cannot be used for free.
legendary
Activity: 3668
Merit: 6382
It's a bit sad though, since both Windows and Office can be nowadays used for free, still people are uninformed and prefer to crack it and have bad consequences later....

I don't know about Office, but do you mean using Windows 10 without activating it and getting annoyed by the watermark?

Yes, that's what I mean.
And indeed, if you don't pay for Win10 you cannot change desktop image and you have the bottom-right watermark. I don't find that a big deal, I've used Win10 for some 2 years like that on a less-used machine.
It was back then not that annoying.

And for Office, if one is keen to use MS Office (instead of Libre Office, for example), he can use it in-browser, with a free MS account.
hero member
Activity: 3108
Merit: 577
I used it once when I downloaded it years ago, but it didn't push through and my PC got an error. Luckily, I haven't used it for a long time and I've got my Windows activated without having to download anything like KMSPico.
Well, people should avoid downloads like this when they don't know how to protect themselves.
hero member
Activity: 2128
Merit: 532
KMSPico is so popular that there are countless malicious fakes, and if you are googling "download KMSPico", or looking for it on torrents, you're almost guaranteed to get malware. The original version was/is distributed on My Digital Life forum, but it's probably hard to get it, providing it's still there.

If you want to pirate Windows, use Microsoft Activation scripts - it's open source and is very popular, so a lot of people have reviewed the code.

Some e-commerce platforms are selling licenses from as low as a few bucks which are capable of receiving genuine updates.
legendary
Activity: 1162
Merit: 2025
It has caught my attention that you mention Ledger Live but not Trezor Suite.
To be honest, I did not expect to see hardware wallet related software affected by malware this way.

Anyways, thanks for the heads-up.
This topic makes me feel like moving to Ubuntu and ditching Windows for good.
legendary
Activity: 3024
Merit: 2148
KMSPico is so popular that there are countless malicious fakes, and if you are googling "download KMSPico", or looking for it on torrents, you're almost guaranteed to get malware. The original version was/is distributed on My Digital Life forum, but it's probably hard to get it, providing it's still there.

If you want to pirate Windows, use Microsoft Activation scripts - it's open source and is very popular, so a lot of people have reviewed the code.
legendary
Activity: 3374
Merit: 3095
I think this is only in the latest KMSpico, so the older one can still be used for activating Windows OS.

Actually, I'm only using it to activate Office, but if you use it, it would directly activate both Office and the OS. I'm using the older one on my PC without any problem yet, or maybe I'm just protected by Kaspersky Total.
So only the latest one is infected with cryptobot malware/virus inside.
copper member
Activity: 2142
Merit: 1305
I used to have this and recommend it to others for activating Microsoft products, from when I was starting my computer hobbies until I got to college; it was pretty helpful, especially when you don't have a penny to pay.

Good thing it's not the case now, but how about those who still rely on this software? Well, hoping for fewer victims after this report.
legendary
Activity: 3668
Merit: 6382
KMSpico is indeed the norm in activating Microsoft products. I don't know if it's the official version or a malware-filled clone, but it doesn't matter since it was meant to be a ticking bomb.
It's a bit sad though, since both Windows and Office can be nowadays used for free, still people are uninformed and prefer to crack it and have bad consequences later....
hero member
Activity: 2128
Merit: 532
This was pretty much inevitable. What's scary is — using KMSPico is pretty much the norm when talking about the typical 9-5 low-income worker in poor countries. And then you get some of them investing in crypto to hopefully put them in a better financial situation; and now we got malware designed to steal crypto baked into the OS-level. Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.

Exactly.

A license, even the most basic Home edition, costs a pretty penny, so many tend to pirate.

I used to do that (software) until I had my PC infected with malware. It was scary to say the least but thankfully that time Bitcoin wasn't existent yet.
sr. member
Activity: 1610
Merit: 264
Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.
I guess it applies for those people that really want to personalize their PC, as that is the restriction of an unactivated Windows 10 as far as I remember.

KMSpico is also commonly used to activate MS Office, and that's even more alarming for those that are using word processors along with any sort of crypto business they have. If they can't afford a license for MS Office, they can just use open-source word processors, like LibreOffice, which I used when I was configuring my Raspberry Pi a long time ago, instead of risking their PCs with these.
legendary
Activity: 2338
Merit: 10802
I’ve been going over the detailed report, as well as other sites that reference the report, but I haven’t been able to decode to a greater detail the real impact of "Cryptbot is capable of collecting sensitive information from the following applications:". Namely, I was trying to determine the exact information it retrieves on web wallets, and non-web based software such as Ledger Live.

I’m not talking about the generics here, but rather I’m curious to know the detailed information that Cryptobot actually manages to capture. I don’t know if anyone has been able to find more detailed information depicting the above.
legendary
Activity: 2072
Merit: 4265
  I have not used Windows for five years now. But as far as I remember, the KMSPico activator has always been in the category of detectable viruses in antivirus. And it is not surprising that as cryptocurrencies develop, hackers will easily integrate everything related to the theft of cryptocurrencies into this activator.
In addition to the fact that Windows is a spy who knows absolutely everything about the user, the new version 11 is not at all successful. In terms of performance, it is famous for being a slow system, but it also adds spy tricks that are difficult to disable for inexperienced users. You have to be stupid and naive enough to trust this system today.
I maintain dkbit98, I work with Linux. Take some time to understand this system, I'm just willing to bet that many, after working with Linux, will never return to this buggy, and at the same time, paid system.

https://www.phoronix.com/scan.php?page=article&item=11900k-windows11-clear&num=1
mk4
legendary
Activity: 2870
Merit: 3873
This was pretty much inevitable. What's scary is — using KMSPico is pretty much the norm when talking about the typical 9-5 low-income worker in poor countries. And then you get some of them investing in crypto to hopefully put them in a better financial situation; and now we got malware designed to steal crypto baked into the OS-level. Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.
legendary
Activity: 2212
Merit: 7064
Anyone who is running Windows OS should be aware of the new malware: the KMSPico activator is used to activate pirated Windows OS, but it's loaded with cryptobot malware.
This malware is collecting information from cryptocurrency-related software, wallets, browser cookies and credit cards, and it's capturing screenshots from infected systems.
Some of the software affected by this malware is listed below:
 
- Ledger Live wallet
- Atomic wallet
- Waves crypto app
- Coinomi wallet
- Jaxx wallet
- Electron Cash wallet
- Electrum wallet
- Exodus wallet
- Monero wallet
- MultiBit HD wallet
- Firefox web browser
- CCleaner web browser
- Vivaldi web browser
- Avast Secure web browser
- Brave browser
- Chrome web browser
- Opera Web Browser

Detailed report by Red Canary researcher Tony Lambert for KMSPico with extra spice can be found here:
https://redcanary.com/wp-content/uploads/2021/12/KMSPico-V5.pdf


https://redcanary.com/blog/kmspico-cryptbot/

The solution is to use a legal operating system without any activators, and if you want to avoid paying anything, just use any free open source Linux operating system of your choice.