Cryptocurrency-stealing virus detected in KMSpico activator for pirated Windows
The cybersecurity company Red Canary has provided guidance on identifying Cryptbot
10.12.2021 - 12:10
What’s new? A virus that collects users' personal data has been detected in KMSPico, an activation tool for Microsoft Windows and Office. According to the cybersecurity company Red Canary, the attackers use the Cryptbot virus to steal cryptocurrency, among other things.
How does the virus work? Cryptbot has been around for a long time, but the hackers have now begun disguising it as the KMSPico activator installer. When the user clicks the download link, the virus is downloaded, and the program also installs the activator itself. The attackers disguise Cryptbot with the CypherIT AutoIT encryption software. The virus steals personal data from users' web browsers, antivirus software, and crypto wallets.
How to detect the malware? Red Canary recommends searching for binaries that contain AutoIT metadata but do not have AutoIT in their file names, as well as for findstr commands similar to “findstr /V /R "^ ... $"”.
PowerShell or cmd.exe commands that contain “rd /s /q”, “timeout”, and “del /f /q” together can also be used to find Cryptbot.
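The detection ideas above, written as a rule over process-creation events. This is an added example, not Red Canary's or the article's own code. The event field names and the sample events are assumptions constructed for illustration, and because the article elides the findstr pattern, the rule accepts any quoted pattern anchored with ^ and $.

```python
import re

# Event field names are assumptions of this example (typical process-creation telemetry).
META_FIELDS = ("description", "product", "original_file_name")
# findstr with /V and /R and a quoted pattern anchored by ^ and $; the pattern
# body is elided in the article, so any body is accepted.
FINDSTR_RE = re.compile(r'\bfindstr(?:\.exe)?\b(?=.*\s/V\b)(?=.*\s/R\b).*"\^.*\$"', re.I)
CLEANUP_RES = [re.compile(p, re.I) for p in
               (r"\brd\s+/s\s+/q\b", r"\btimeout\b", r"\bdel\s+/f\s+/q\b")]
SHELLS = ("cmd.exe", "powershell.exe")


def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()


def detect(event):
    """Return the names of the heuristics that fire for one process event."""
    hits = []
    name = basename(event.get("image", ""))
    cmd = event.get("command_line", "")
    meta = " ".join(event.get(f, "") for f in META_FIELDS).lower()
    # AutoIT metadata present, but the file name does not say AutoIT.
    if "autoit" in meta and "autoit" not in name:
        hits.append("renamed_autoit_binary")
    if FINDSTR_RE.search(cmd):
        hits.append("findstr_inverse_regex")
    # All three cleanup commands must appear together in one shell command line.
    if name in SHELLS and all(r.search(cmd) for r in CLEANUP_RES):
        hits.append("shell_cleanup_chain")
    return hits


# Constructed sample events, not taken from the article or from Red Canary.
EVENTS = [
    {"image": r"C:\Users\u\AppData\Local\Temp\d\Setup.com",
     "description": "AutoIt v3 Script", "command_line": "Setup.com K"},
    {"image": r"C:\Windows\System32\findstr.exe",
     "command_line": 'findstr /V /R "^PLACEHOLDER$" in.txt'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c rd /s /q C:\T\x & timeout 3 & del /f /q C:\T\s.exe"},
    {"image": r"C:\Tools\AutoIt3.exe", "description": "AutoIt v3 Script",
     "command_line": "AutoIt3.exe job.au3"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c del /f /q C:\T\a.tmp"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(basename(e["image"]), detect(e))
```

The last two sample events are benign controls: an AutoIT interpreter under its own name, and a lone del command that lacks the other two cleanup commands.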