Virus masquerading as Windows activator steals cryptocurrency

By: Maksim Panasovskiy | 08.12.2021, 13:30

Using KMS activators for the Windows operating system can put cryptocurrency wallets at risk.

What is known

Cybercriminals have begun distributing malicious software that masquerades as the KMSPico client for activating Windows and other software. Cybersecurity experts from Red Canary note that downloading this KMSPico installer puts Cryptbot on the computer.

Antivirus software cannot detect the Trojan. After the download, the 7-Zip archive unpacks automatically. The program can steal data from credit cards and cryptocurrency wallets. The Atomic, Monero, Electrum, Jaxx Liberty, MultiBitHD, Exodus, Coinomi, Ledger Live, and Electron Cash wallets are under threat.

A number of popular web browsers are also under attack. These include Avast Secure Browser, Brave, Opera, Google Chrome, Firefox, Vivaldi, and CCleaner Browser.

Source: Red Canary