Hackers hide Cryptbot malware in a popular utility

Hackers hide Cryptbot malware in a popular utility

Software can be expensive and this can lead some people to decide to pirate applications instead of purchasing their respective legal licenses. However, this practice can lead to several problems. Recently, Red Canary reported that a group of hackers released a modified version of a popular hacking tool online to infect systems with Cryptbot malware.

The tool in question is called KMSPico, which according to Red Canary is used to "activate all the features of Microsoft Windows and Office products without actually owning a license key". Security tools usually block KMSPico, so instructions are often given to disable such protections, thus leaving systems vulnerable to malware.

Which brings us to Cryptbot. Red Canary said it "harms organizations by stealing credentials and other sensitive information from affected systems." The company said that much of that private data is taken from cryptocurrency-related software such as:

Cryptocurrency wallet Atomic Cryptocurrency wallet Ledger Live Cryptocurrency application Waves Client And Exchange Cryptocurrency wallet Coinomi wallet Cryptocurrency Jaxx Liberty Cryptocurrency Wallet Electron Cash Cryptocurrency Wallet Electrum Cryptocurrency Wallet Exodus Cryptocurrency Wallet Monero Cryptocurrency Wallet MultiBitHD Red Canary claimed that Cryptbot also tries to steal information from Google Chrome, Mozilla Firefox, Opera, Brave and Vivaldi web browsers from the CCleaner system management tool, however the extensive list of wallet software targeted by Cryptbot makes it clear that crypto enthusiasts are high-value targets.

As for protection against this scheme, it seems the best option is not to download KMSPico in the first place. Red Canary said: “Save yourself the trouble and choose legitimate and supported activation methods. "

Powered by Blogger.