Cybersecurity provider Red Canary has issued a warning that there is malware inside a fake Windows installer application called KMSPico Windows Activator, which is circulating on the Internet. The fake uploader is trying to steal user information from various cryptocurrency wallets, among other things. It does this with the help of a crypto robot.
The crypto robot hidden inside the app can gather information from the following apps:
- Atomic cryptocurrency wallet
- Avast Secure web browser
- Brave browser
- Ledger Live cryptocurrency wallet
- Opera Web Browser
- Waves Client and Exchange cryptocurrency applications
- Coinomi cryptocurrency wallet
- Google Chrome web browser
- Jaxx Liberty cryptocurrency wallet
- Electron Cash cryptocurrency wallet
- Electrum cryptocurrency wallet
- Exodus cryptocurrency wallet
- Monero cryptocurrency wallet
- MultiBitHD cryptocurrency wallet
- Mozilla Firefox web browser
- CCleaner web browser
- Vivaldi web browser
The fact that Chrome is on the list, but not Microsoft’s browser Edge, reveals that Microsoft’s claims of “we are safer” at least apply to this software. KMSPico, an unofficial Windows and Office activator, used to activate pirated versions of Windows and Office applications.
Red Canary has also detected that this application is used in institutions, and in this case, the threat affects not only personal users, but also companies.