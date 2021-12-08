One of the most used tools to hack Microsoft products, such as the Office package and Windows, was identified by the American cybersecurity service red carnary as the main spreader of Cryptobot malware in the world. Despite being blocked by antivirus, the activator that hacks programs recommends disabling security solutions to allow the use of software without a key or license, which opens loopholes for the virus.

The KMSPico program has become popular with digital piracy adepts for its efficiency as it is based on a legitimate technology, Windows Key Management Services (KMS), used to mass-license Microsoft products within corporate networks. But instead of installing the KMS server in a central location, the crack version activates it locally on the affected machine.

Source: Shutterstock/Reproduction.Source: Shutterstock

What does Cryptobot malware do?

According to red canary, Cryptobot is malware that “harms organizations by stealing credentials and other sensitive information from affected systems”. According to cybersecurity experts, malicious software preferentially targets data related to the following cryptocurrency wallets: Atomic, Ledger Live, Coinomi, Jaxx Liberty, Electron Cash, Electrum, Exodus, Monero and MultiBitHD.

In addition, Cryptobot takes control of the Waves Client and Exchange cryptocurrency applications, steals information from Google Chrome, Mozilla Firefox, Opera, Brave and Vivaldi browsers, and the CCleaner system management tool. But the analyzes carried out indicate that the malware’s primary target is cryptocurrency investors.

As for how to protect against this criminal scheme, the best tip is not to download KMSPico. According to the red canary, many systems are hacked because users download pirated programs thinking that it is “just” cracked software, when in reality, in addition to being illegal, the program has several built-in dangers and threats.