Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets.
The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing screenshots from the infected systems. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.
KMSPico is an unofficial tool that’s used to illicitly activate the full features of pirated copies of software such as Microsoft Windows and Office suite without actually owning a license key.
images from Hacker News