A dangerous virus has been found in a popular installer for Windows and other Microsoft products, Bleeping Computer reports.
The journalists cite a report from Red Canary, whose specialists discovered a malicious program in a widely used tool for activating Microsoft products. According to them, KMSPico is a popular pirated utility for activating Microsoft Windows and Office and has nothing to do with the American software manufacturer. “We've seen several IT departments use KMSPico instead of Microsoft’s legitimate licenses to activate systems,” said Tony Lambert, an analyst at the firm. The experts noted that in some cases users may be dealing with modified software.
The pirated program is a self-extracting executable file. When the user clicks the installer icon, the utility installs a virus on the PC. It turned out that KMSPico can access cryptocurrency wallets, steal funds and withdraw them to the fraudsters' accounts. The virus is able to collect data from Ledger Live, Jaxx Liberty, Electron Cash and other wallets, as well as from the Opera, Google Chrome, Mozilla Firefox and Vivaldi browsers.
“Since Cryptbot does not depend on the presence of unencrypted binaries on the disk, its detection and neutralization is possible only by monitoring malicious behavior,” the experts emphasized. Red Canary experts recommended that users activate Microsoft products through the company's website.
In the middle of summer, Kaspersky Lab specialists discovered several malicious programs that look like the Windows 11 installer. When the virus is activated, “all kinds of software of varying degrees of maliciousness” is installed on the user's computer.