Microsoft software thieves will never learn.

Porthos


Malicious KMSPico installers steal your cryptocurrency wallets

In summary, Cryptbot is capable of collecting sensitive data from the following apps:


  • Atomic cryptocurrency wallet
  • Avast Secure web browser
  • Brave browser
  • Ledger Live cryptocurrency wallet
  • Opera Web Browser
  • Waves Client and Exchange cryptocurrency applications
  • Coinomi cryptocurrency wallet
  • Google Chrome web browser
  • Jaxx Liberty cryptocurrency wallet
  • Electron Cash cryptocurrency wallet
  • Electrum cryptocurrency wallet
  • Exodus cryptocurrency wallet
  • Monero cryptocurrency wallet
  • MultiBitHD cryptocurrency wallet
  • Mozilla Firefox web browser
  • CCleaner web browser
  • Vivaldi web browser
Because Cryptbot’s operation doesn’t rely on the existence of unencrypted binaries on the disk, detecting it is only possible by monitoring for malicious behavior such as PowerShell command execution or external network communication.
 
I can't believe that I still get asked where they can "download Windows 10 or now - Windows 11."

Many have a torrent client installed that they use to download all kinds of "free" or "cracked" software even after being told about the risks and that Windows 10/11 is actually free from Microsoft.

I get clients saying that their PC reports that they can't run Windows 11 so they search on warez and torrent sites for - and download - versions that "will run on any hardware!?"

People will always have "Dancing Pig Syndrome." :rolleyes:
 
If you insist on stealing it then do it the Microsoft way. Join the insider program, install an insider build and activate it. Then leave the insider program, nuke it and install a regular build and it will activate. Yes it is blatantly illegal and I will not do it for a client. But Microsoft obviously can prevent it yet they don’t. They provide a convoluted yet safe method for those end users who will never pay for the product to get a copy that will not be compromised and be a danger to the internet.
 
Yes it is blatantly illegal and I will not do it for a client. But Microsoft obviously can prevent it yet they don’t.

And therein lies the rub.

Under the license agreement this is blatantly illegal, and I'm not proposing that any technician should flout this. But the fact that Microsoft does not enforce what it could very easily enforce means that they simply don't care.

Paper tigers tend to be ignored simply because they can. And Microsoft is making Windows licensing an entirely paper tiger for individuals (as opposed to large entities like schools and businesses).

On a blind-centric focused group there is a member who has found IBM-TTS on an IBM FTP server that is public facing and not password protected, and it's been that way for years. They've never released it to the public domain nor does anyone seem to manage the license anymore. These situations leave those who would like to stay purely legal in an ugly bind, because you can't find anyone from whom to license this software. And it leaves those who want to use it to say, "Why would IBM put this on a public FTP server, not password protected, for download if they didn't intend for people to do just that?!," and, from a philosophical standpoint, I 100% agree with them. But that still doesn't leave anyone in a position where they can legally do so.

It's even worse, as far as I'm concerned, with what Microsoft is doing with Windows licensing, which can and will encourage many to be far more cavalier about all their license requirements.

If you're serious, then enforce your own damned license requirements. It's not a major technological undertaking to do so.
 
It's even worse, as far as I'm concerned, with what Microsoft is doing with Windows licensing, which can and will encourage many to be far more cavalier about all their license requirements.

If you're serious, then enforce your own damned license requirements. It's not a major technological undertaking to do so.
You’d think. But what I have noticed is there are far fewer pirated copies of Windows 10 than there were of 7. Most people actually try and be honest and most people buy premade PCs from OEMs. So most people think Windows is free to begin with. Microsoft does this because hacked back door copies are a danger to the people that are paying clients. Like you and me and the clients we serve. Even though it is theft it’s actually a good thing vs the warez versions of previous years.
 
Even though it is theft it’s actually a good thing vs the warez versions of previous years.

The problem is, I can't, if I were not splitting hairs, even call it theft. If you are doing something that presents credentials to Microsoft's own verification/licensing system, and it passes them, how can that accurately be called theft? It can't.

Theft means taking what isn't yours, usually by surreptitious means, where the owner(s) of the things taken have no knowledge of it. Microsoft has full knowledge of this and, in fact, is intimately involved in the actual process.

While it may violate the license agreement, which I'm not arguing that it doesn't, it is quite impossible for me to characterize what's happening as theft. I can't steal what you hand me on a silver platter and say, "Here, take it!," without any coercion on my part. If anyone believes I can, then the word theft has no real meaning anymore.
 
I'd never heard of KMSPico until doing a web search after reading your post. Now that I have, I know why I hadn't.
It's one of the things we look for over in the BSOD Forum at Sysnative. It is often the very cause of the BSOD and of course, we have a policy against piracy. We ask them to uninstall it and obtain a legit license before we move forward.
 
It's one of the things we look for over in the BSOD Forum at Sysnative. It is often the very cause of the BSOD and of course, we have a policy against piracy. We ask them to uninstall it and obtain a legit license before we move forward.
Oh man, Sysnative, I love the SFCFix tool you guys have over there.
 
Many PCs from China come with PicoKMS. Those little NUC style ones you see on Amazon for sub $200 prices that have a Celeron CPU.
 
KMSPico is picked up by many antivirus scanners now, I'm surprised people still use it. In the past I didn't believe it did anything malicious and knew a customer would be ****** if I removed it so I always left it but informed the customer that they need to get legal and that the system is not as "clean" as I would prefer it to be so I won't be responsible for any further infections or BSODs if proven to be caused by KMSPico.
I've also had a couple customers come to me when their antivirus software has quarantined KMSPico and now their Office says it needs activating, some of the time they said they had paid for Office from some other computer shop. As you can imagine, this results in a rather bemused customer who thinks I'm the one trying to rip them off!

I wouldn't get involved in it anyway, but at least now if a customer tells me they lost their crypto and they have KMSPico installed I can say that's a possible reason.
 