Bitcoin Forum

Other => Beginners & Help => Topic started by: dkbit98 on December 06, 2021, 01:33:03 PM



Title: KMSPico Malicious Windows Activator Stealing Crypto
Post by: dkbit98 on December 06, 2021, 01:33:03 PM
Anyone who is running Windows OS should be aware of the new malware: the KMSPico activator, used to activate pirated Windows OS, is loaded with Cryptbot malware.
This malware collects information from cryptocurrency-related software, wallets, browser cookies and credit cards, and it captures screenshots from infected systems.
Some of the software affected by this malware is listed below:
 
- Ledger Live wallet
- Atomic wallet
- Waves crypto app
- Coinomi wallet
- Jaxx wallet
- Electron Cash wallet
- Electrum wallet
- Exodus wallet
- Monero wallet
- MultiBitHD wallet
- Firefox web browser
- CCleaner web browser
- Vivaldi web browser
- Avast Secure web browser
- Brave browser
- Chrome web browser
- Opera Web Browser

Detailed report by Red Canary researcher Tony Lambert for KMSPico with extra spice can be found here:
https://redcanary.com/wp-content/uploads/2021/12/KMSPico-V5.pdf

https://i.imgur.com/PdJaFrc.jpg
https://redcanary.com/blog/kmspico-cryptbot/

The solution is to use a legal operating system without any activators, and if you want to avoid paying anything, just use any free open source Linux operating system of your choice.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: mk4 on December 06, 2021, 01:54:40 PM
This was pretty much inevitable. What's scary is — using KMSPico is pretty much the norm when talking about the typical 9-5 low-income worker in poor countries. And then you get some of them investing in crypto to hopefully put them in a better financial situation; and now we got malware designed to steal crypto baked into the OS-level. Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: lovesmayfamilis on December 06, 2021, 02:40:59 PM
  I have not used Windows for five years now. But as far as I remember, the KMSPico activator has always been in the category of detectable viruses in antivirus. And it is not surprising that as cryptocurrencies develop, hackers will easily integrate everything related to the theft of cryptocurrencies into this activator.
In addition to the fact that Windows is a spy who knows absolutely everything about the user, the new version 11 is not at all successful. In terms of performance, it is famous for being a slow system, but it also adds spy tricks that are difficult to disable for inexperienced users. You have to be stupid and naive enough to trust this system today.
I maintain dkbit98, I work with Linux. Take some time to understand this system, I'm just willing to bet that many, after working with Linux, will never return to this buggy, and at the same time, paid system.

https://www.phoronix.com/scan.php?page=article&item=11900k-windows11-clear&num=1


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: DdmrDdmr on December 06, 2021, 02:54:51 PM
I’ve been going over the detailed report, as well as other sites that reference the report, but I haven’t been able to decode to a greater detail the real impact of "Cryptbot is capable of collecting sensitive information from the following applications:". Namely, I was trying to determine the exact information it retrieves on web wallets, and non-web based software such as Ledger Live.

I’m not talking about the generics here, but rather I’m curious to know the detailed information that Cryptbot actually manages to capture. I don’t know if anyone has been able to find more detailed information depicting the above.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: isaac_clarke22 on December 06, 2021, 03:39:44 PM
Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.
I guess it applies for those people that really want to personalize their PC, as that is the restriction of an unactivated Windows 10 as far as I remember.

KMSpico is also commonly used to activate MS Office, and that's even more alarming for those that are using word processors along with any sort of crypto business they have. If they can't afford a license for MS Office, they can just use open-source word processors, like LibreOffice, which I used when I was configuring my Raspberry Pi a long time ago, instead of risking their PCs with these.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: UserU on December 06, 2021, 04:14:47 PM
This was pretty much inevitable. What's scary is — using KMSPico is pretty much the norm when talking about the typical 9-5 low-income worker in poor countries. And then you get some of them investing in crypto to hopefully put them in a better financial situation; and now we got malware designed to steal crypto baked into the OS-level. Not sure if people still commonly use KMSPico because afaik Windows 10 is pretty much free, but yikes.

Exactly.

A license, even the most basic Home edition, costs a pretty penny, so many tend to pirate.

I used to do that (software) until I had my PC infected with malware. It was scary to say the least but thankfully that time Bitcoin wasn't existent yet.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: NeuroticFish on December 06, 2021, 04:27:45 PM
KMSpico is indeed the norm in activating Microsoft products. I don't know if it's the official version or a malware-filled clone, but it doesn't matter since it was meant to be a ticking bomb.
It's a bit sad though, since both Windows and Office can be nowadays used for free, still people are uninformed and prefer to crack it and have bad consequences later....


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: bL4nkcode on December 06, 2021, 04:46:43 PM
I used to have this and recommend it to others for activating Microsoft products when I was starting my computer hobbies, until I got to college, which was pretty helpful, especially when you don't have a penny to pay.

Good thing it's not the case now, but how about those who still rely on this software? Well, hoping for fewer victims after this report.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: BitMaxz on December 06, 2021, 05:01:08 PM
I think this is only in the latest KMSpico, so the older one can still be used for activating Windows OS.

Actually, I'm only using it to activate Office, but if you use it, it would directly activate both Office and the OS. I'm using the older one on my PC without any problem yet, or maybe I'm just protected by Kaspersky Total.
So only the latest one is infected with the Cryptbot malware/virus inside.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: hatshepsut93 on December 06, 2021, 11:50:22 PM
KMSPico is so popular that there are countless malicious fakes, and if you are googling "download KMSPico", or looking for it on torrents, you're almost guaranteed to get malware. The original version was/is distributed on My Digital Life forum, but it's probably hard to get it, providing it's still there.

If you want to pirate Windows, use Microsoft Activation scripts (https://github.com/massgravel/Microsoft-Activation-Scripts) - it's open source and is very popular, so a lot of people have reviewed the code.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: Hispo on December 07, 2021, 01:38:59 AM
It has caught my attention that you mention Ledger Live but not Trezor Suite.
To be honest, I did not expect to see hardware wallet related software affected by malware this way.

Anyways, thanks for the heads-up.
This topic makes me feel like moving to Ubuntu and ditching Windows for good.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: UserU on December 07, 2021, 02:47:35 AM
KMSPico is so popular that there are countless malicious fakes, and if you are googling "download KMSPico", or looking for it on torrents, you're almost guaranteed to get malware. The original version was/is distributed on My Digital Life forum, but it's probably hard to get it, providing it's still there.

If you want to pirate Windows, use Microsoft Activation scripts (https://github.com/massgravel/Microsoft-Activation-Scripts) - it's open source and is very popular, so a lot of people have reviewed the code.

Some e-commerce platforms are selling licenses from as low as a few bucks which are capable of receiving genuine updates.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: passwordnow on December 07, 2021, 08:26:13 AM
I used it once when I downloaded it years ago, but it didn't push through and my PC got an error. Luckily, I haven't used it for a long time and I've got my Windows activated without having to download anything like KMSPico.
Well, people should avoid downloads like this when they don't know how to protect themselves.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: NeuroticFish on December 07, 2021, 09:07:42 AM
It's a bit sad though, since both Windows and Office can be nowadays used for free, still people are uninformed and prefer to crack it and have bad consequences later....

I don't know about Office, but do you mean using Windows 10 without activating it and getting annoyed by the watermark?

Yes, that's what I mean.
And indeed, if you don't pay for Win10 you cannot change the desktop image and you have the bottom-right watermark. I don't find that a big deal, I've used Win10 for some 2 years like that on a less-used machine.
Back then it was not that annoying.

And for Office, if one is keen to use MS Office (instead of Libre Office, for example), he can use it in-browser, with a free MS account.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: NeuroticFish on December 07, 2021, 09:50:48 AM
It could be a big deal if you use it for work (especially for presentations or screen sharing) or multimedia which uses the whole screen.

Indeed, however if one uses it for something productive, he can already make the step of buying a "second hand" license at under 10$, which are more and more popular now.
And the rest can just simply use it with the watermark.

I always assume people are talking about Office 365 when they're talking about online office. I didn't know Microsoft also offers a free version with some limitations.

Indeed, it's 365.
And that's my point: far too many people don't know about these free options. They are not advertised, since usually nobody pays for advertising a product that doesn't earn money, and far too many end up with malware just because they've assumed that the OS/programs they need cannot be used for free.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: SquirrelJulietGarden on December 07, 2021, 10:25:50 AM
If you want to pirate Windows, use Microsoft Activation scripts (https://github.com/massgravel/Microsoft-Activation-Scripts) - it's open source and is very popular, so a lot of people have reviewed the code.
Is it free to use? Is the activation code permanently used? This topic makes me fearful because I did not use paid Windows and am using a cracked one.

I know there are Ubuntu or Linux but I am not familiar with those OS.


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: Gorosden on December 07, 2021, 11:08:33 AM
What? :o Oh my God, thanks for sharing this OP, because I used to activate my Windows OS using free Windows activators like KMSPico. This is why it's better to always purchase your keys instead. If you can pay for antivirus and VPN services, why not a Windows key?


Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: dkbit98 on December 07, 2021, 12:44:02 PM
I’ve been going over the detailed report, as well as other sites that reference the report, but I haven’t been able to decode to a greater detail the real impact of "Cryptbot is capable of collecting sensitive information from the following applications:". Namely, I was trying to determine the exact information it retrieves on web wallets, and non-web based software such as Ledger Live.
I have one suggestion for you if you want to be sure about this: find KMSPico with Cryptbot malware, download it and install it on your Windows OS (you can use VirtualBox), then you can test how it works :)

If you want to pirate Windows, use Microsoft Activation scripts (https://github.com/massgravel/Microsoft-Activation-Scripts) - it's open source and is very popular, so a lot of people have reviewed the code.
Development of these scripts is temporarily suspended and the last update was back in 2020, so I doubt this is keeping up with the latest versions of Windows.
Linux is also open source, you don't need to do any mumbo jumbo, and you will not be monitored like when you use Windows.

It has caught my attention that you mention Ledger Live but not Trezor Suite.
To be honest, I did not expect to see hardware wallet related software affected by malware this way.
Trezor Suite is relatively new software that only recently came out of beta testing, so that may be the real reason why it's not on this list.



Title: Re: KMSPico Malicious Windows Activator Stealing Crypto
Post by: isaac_clarke22 on December 07, 2021, 12:45:36 PM
~
No wonder I often hear from my friends that they're getting BSODs and I just can't help them, as the BSOD didn't indicate any "What failed" below the Stop Code. Moving forward a couple of months, they just told me that their PC was fixed and they didn't know how a clean install fixed it.