Users of Pirated Windows Software Could Be Losing Bitcoin to Crypto Malware

Software pirates that use the KMSPico tool to activate Windows on their computers might also be inadvertently opening the doors for malware to steal crypto right out of their wallets.

Red Canary in the Coalmine

The issue, first spotted by security research firm Red Canary, was that users who installed cracked software – in this case a fake KMSPico installer – had opened up their computers to malware that could steal credentials straight off a PC.

KMSPico is a tool used to activate the full features of Microsoft Windows and Office products without the user actually owning a licence key. Alongside the difficulty in finding a clean download, the antivirus disabling instructions prepare unwitting victims to receive malware.

Crypto Wallets Beware

A classic stowaway on cracked software like KSMPico is Cryptbot, which harms people and organisations by stealing credentials and other sensitive information from affected systems. Cryptbot is able to collect sensitive information from a wide range of applications, including browsers and wallet applications such as:

• Brave browser
• Opera web browser
• Google Chrome web browser
• Mozilla Firefox web browser
• Atomic cryptocurrency wallet
• Electrum cryptocurrency wallet
• Exodus cryptocurrency wallet
• Monero cryptocurrency wallet

The list goes on, but you get the point.

Given the potential profitable rewards involved in cryptocurrency, malware, hacking and other forms of intrusion have been a continual thorn in the side of crypto users. Schemes have ranged from ‘Babadeda’ targeting users on Discord to fraudulent crypto apps designed to steal users’ private keys. According to a report from Google, 86 per cent of Cloud accounts hacked are then used to mine crypto.