Red Canary experts discovered the Windows installer stealing cryptocurrency 
The popular installer for Windows and other products from Microsoft turned out to be a dangerous virus. This is reported by the Bleeping Computer.
Journalists refer to the report of the Red Canary firm, whose specialists found a fraudulent program in a widespread program for activating Microsoft products. According to them, the KMSPico utility is a popular pirated program for activating Microsoft Windows and Office. “We've seen several IT departments use KMSPico instead of legitimate Microsoft licenses to activate systems,” said analyst Tony Lambert.
The pirate program is a self-extracting executable file. When the user clicks on the installer icon, the utility installs a virus on the PC. It turned out that KMSPico can access cryptocurrency wallets, steal funds and withdraw them to the accounts of fraudsters. Thus, the virus was able to receive data from Ledger Live, Jaxx Liberty, Electron Cash and other wallets, as well as browsers Opera, Google Chrome, Mozilla Firefox, Vivaldi.
“Since Cryptbot does not depend on the presence of unencrypted binaries files on the disk, its detection and neutralization is possible only by tracing malicious behavior, “- said the experts. Red Canary experts recommended that users activate Microsoft products through the company's website.
In the middle of summer, Kaspersky Lab specialists discovered several malicious systems that look like Windows 11 installer. When activated, the virus installs “all kinds of software varying degrees of maliciousness. ”