Windows pirates are losing their Bitcoin booty – PCWorld

npressfetimg-2190.png

It’s an interesting dichotomy: if you set out to pirate software, you have to extend a little bit of trust towards whomever you get that software from. You must trust, almost literally, in the honor of thieves. That’s proving to be a losing bet for a lot of users who’ve tried to use piracy “activation tools” for Windows and Office, finding that these tools are malware that scours drives for valuable cryptocurrency instead.

The issue was spotted by security research firm Red Canary (via Hot Hardware). Typically, a user will install Windows and/or Office on a trial basis, then search for popular piracy tools that modify system files to unlock the full, paid capabilities of the software. The particular tool in question makes Microsoft software behave as if it has bulk licensing, a less strenuous form of authentication used for massive corporations and government divisions.

While these unlocking tools do exist in legitimate forms (for a loose definition of “legitimate”), fake downloads are appearing with the well-known Cryptbot malware built-in. Cryptbot searches infected computers for popular cryptocurrency wallets and other programs, including the Electrum, Monero, Exodus, and Coinomi wallets. Once authentication info from these wallets is stolen, the cryptographic currency inside can be permanently and irreversibly transferred to thieves’ accounts. The software also attempts to get information from browsers like Chrome, Firefox, Brave, and Opera, presumably looking for login credentials.

Hilariously, Red Canary spotted the unlock tool and the piggy-backing Cryptbot being used by clients that had legitimate bulk licenses from Microsoft; apparently some sysadmins were trying to save time via a shortcut. (Does it count as piracy if, technically, you’ve paid for the software?)

As always, PCWorld recommends against pirating software, and not just for those of you who have six figures of Bitcoin sitting on your drive. The risk of malware just isn’t worth it, especially when there are several legitimate ways to get both Windows or Office on the cheap — or even for free.

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Source: https://www.pcworld.com/article/558191/windows-pirates-are-losing-their-bitcoin-booty.html