Cryptbot Infostealer Spreads Through Pirated Software
Pirated software and games are among the most popular lures that malware creators use to spread their payloads. Recently, malware researchers identified a new campaign of this type. It focuses on spreading the Cryptbot information stealer, and it uses the popular KMSPico software package to disguise the payload.
What Are Cryptbot and KMSPico?
KMSPico is an app meant to crack copies of Microsoft Windows and Microsoft Office in order to unlock their full features without paying at all. Needless to say, many users who are not willing to pay for the full product may end up looking for a way to download KMSPico and activate their software.
This is what the criminals are exploiting – they have hosted KMSPico downloads laced with the Cryptbot malware. These downloads may come to the attention of users because of online searches, or when exploring communities discussing pirated software. It is important to add that the KMSPico downloads do work as expected – users will get to activate their Windows products, but they will also unknowingly run the Cryptbot infostealer on their device.
The Abilities of the Cryptbot Stealer
As the name of the threat suggests, it focuses on collecting information from compromised computers. It is not related to the Cryptbot Ransomware in any way, even though they share the same name. The operators of this stealer are able to fetch data from these programs:
- Cryptocurrency wallets like Atomic, Coinomi, Jaxx, Exodus, Electrum, and Electron Cash.
- Data from browsers like Google Chrome, Opera, Brave Browser, and Mozilla Firefox.
- Files used by the aforementioned wallet software.
- Specific file formats stored in the default Windows folders.
Needless to say, such an attack could cost you a lot of money, especially if you are active in the cryptocurrency market. To avoid encounters with the Cryptbot Stealer and similar malware, avoid using pirated software and games. Also, make sure to use an up-to-date anti-malware application at all times.