You have to pay attention to a version of KMSPico, the tool used to activate Windowsby simulating a KMS server, which includes malware that steals your cryptocurrencies.

Red Canary Security Researchershave made the discovery and give the name of the malware: Cryptbot.

Beware of a infected version of KMSPico

KMSPico claims to be popular with hackers. Indeed, it is one of the tools that allows you to activate Windows and Office without paying. Hackers know this and therefore take the opportunity to create fake versions that include malware and do more damage than anything else. The latest infected version attacks cryptocurrencies.

In detail, the infected version can collect information from the following software:

• Atomic (cryptocurrency wallet)
• Avast Secure (Internet browser)
• Brave (Internet browser)
• Ledger Live (cryptocurrency wallet)
• Opera (Internet browser)
• Waves Client and Exchange (cryptocurrency applications)
• Coinomi (cryptocurrency wallet)
• Google Chrome (Internet browser)
• Jaxx Liberty (cryptocurrency wallet)
• Electron Cash (cryptocurrency wallet)
• Electrum (cryptocurrency wallet)
• Exodus (cryptocurrency wallet)
• Monero (cryptocurrency wallet)
• MultiBitHD (cryptocurrency wallet)
• Mozilla Firefox (Internet browser)
• CCleaner Browser (Internet browser)
• Vivaldi (Internet browser)

Note that there are several popular software in the bundle, including Brave, Opera, Google Chrome, Firefox, and Vivaldi. These are several hundred million users. We even exceed the billion for Chrome. So be careful.

Red Canary also notes that individuals are not the only ones using KMSPico to illegally activate Windows. The group says it has noticed that several companies are also using this tool. Therefore, a malicious KMSPico is particularly dangerous in such situations.

Another point to be aware of is that the malicious version of KMSPico actually installs the tool, in addition to stealing the cryptocurrency. So users really need to be careful.