Jump to content

If You Use Cracked Software, It Will Cost You .............


itman
 Share

Recommended Posts

Far more than the money you saved by avoiding licensing fees:

Malicious KMSPico installers steal your cryptocurrency wallets

Quote

Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.

This activity has been spotted by researchers at Red Canary, who warn that pirating software to save on licensing costs isn't worth the risk.

KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services (KMS) server to activate licenses fraudulently.

According to Red Canary, many IT departments using KMSPico instead of legitimate Microsoft software licenses are much bigger than one would expect.

"We've observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems," explained Red Canary intelligence analyst Tony Lambert. 

"In fact, we even experienced one ill-fated incident response engagement where our IR partner could not remediate one environment due to the organization not having a single valid Windows license in the environment."

https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
56 minutes ago, itman said:

Far more than the money you saved by avoiding licensing fees:

Malicious KMSPico installers steal your cryptocurrency wallets

https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/

Interesting. I knew that KMSPico was used by a lot of users but just presumed actually companies would pay for their licenses

Link to comment
Share on other sites

  • Most Valued Members
3 hours ago, peteyt said:

presumed actually companies would pay for their licenses

a company that wants to have immediate and quick official support form the manufacturer of the software will buy legitimate keys/software. the others will just search google for solutions

Link to comment
Share on other sites

There are a couple of trusted tools available on GitHub to illegally make Windows and Office licenses legal that are not even detected by AV Products, including ESET. So it's ridiculous that they had to look for KMSPico to activate windows. If you want to be a pirate then at least be a wise one. 

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, SeriousHoax said:

There are a couple of trusted tools available on GitHub to illegally make Windows and Office licenses legal that are not even detected by AV Products, including ESET. So it's ridiculous that they had to look for KMSPico to activate windows. If you want to be a pirate then at least be a wise one. 

Problem is that anything can be infected now. There are probably more trusted places for things like this but when it is unofficial there is always a risk. Hell, even legitimate software can be hacked and used to distribute malware, but it is more likely to happen on an unofficial version 

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, SeriousHoax said:

There are a couple of trusted tools available on GitHub to illegally make Windows and Office licenses legal that are not even detected by AV Products, including ESET. So it's ridiculous that they had to look for KMSPico to activate windows. If you want to be a pirate then at least be a wise one. 

ESET can detect them if you enable detecting of unsafe applications, indeed some may be malicious modified versions of KMSPico by malware makers , but the original one isn't harmful , so I believe the detection by ESET is true, it is not malware , but an unsafe application

Edited by Nightowl
Link to comment
Share on other sites

1 hour ago, peteyt said:

Problem is that anything can be infected now. There are probably more trusted places for things like this but when it is unofficial there is always a risk. Hell, even legitimate software can be hacked and used to distribute malware, but it is more likely to happen on an unofficial version 

I agree, of course. I'm just saying that the particular organization was stupid to not know how to do it safely. 

 

1 hour ago, Nightowl said:

ESET can detect them if you enable detecting of unsafe applications, indeed some may be malicious modified versions of KMSPico by malware makers , but the original one isn't harmful , so I believe the detection by ESET is true, it is not malware , but an unsafe application

I know that, but one of the tools I'm talking about is not detected by ESET even as a PUA/PUP. Only Bitdefender created a signature for it like a week ago, and the tool is over 1.5 years old. Being a decent tech literate person from a third world country, I know all about piracy and know what is safe and what not. Anyway, I haven't had the need to use any pirated software in a long time. Most pirated software has good free alternatives, except maybe Windows and Adobe's premier, after effects. etc products.

Link to comment
Share on other sites

For further clarification, it is not that a malicious version of KMSPico is being installed although that is certainly a possiblity.

Rather, it is the installer for KMSPico that contains the malware:

Quote

A malicious KMSPico installer analyzed by RedCanary comes in a self-extracting executable like 7-Zip and contains both an actual KMS server emulator and Cryptbot.

"The user becomes infected by clicking one of the malicious links and downloads either KMSPico, Cryptbot, or another malware without KMSPico," explains a technical analysis of the campaign,

"The adversaries install KMSPico also, because that is what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes."

Cryptbot: https://asec.ahnlab.com/en/23727/ is the malware. As the AhnLab article notes, Cyrptbot is the favorite for bundling in cracker software installers. Also this attack is difficult to detect in that a legit AutoIt script is deployed to load explorer.exe via API call. Then the Cryptbot malware is injected into its memory space and executed from there.

Edited by itman
Link to comment
Share on other sites

I can understand some people using cracked software at home personally. As an individual, prices for some things can be pretty steep and them thinking what's the worst that will happen they will is lose a few pictures or documents. 

But to see actual IT departments that are responsible for maintaining the health of computers on site is unbelievable. It makes you wonder what other security practices are being ignored. Big data leaks just waiting to happen that would far outweigh the cost of a windows license.  

Link to comment
Share on other sites

This article: https://www.technicalactiongroup.ca/these-companies-used-pirated-software-and-lost-millions-of-dollars/ gets into use of cracked software in Canada alone. Yes, it is much more widespread than commonly believed. Note that a "big name" referenced was Nike. Besides millions of dollars lost by malware in such use, the government fines are also quite hefty.

At least, one now has a plausible explanation for the constant ransomware attacks against commercial concerns.

Finally, this might be the time to get legit:

Quote

Microsoft offers 50% subscription discounts to Office pirates

Microsoft is offering discounts of up to 50% on Microsoft 365 subscriptions to those using pirated versions of Microsoft Office willing to switch to a genuine version.

This promotional offer is sent to Office users if Microsoft detects the version installed is non-genuine, and it shows as an alert under the top menu as first reported by Ghacks.

The message displayed is a call to action for those likely using a pirate copy of Microsoft Office: "GET UP TO 50% OFF. For a limited time, save up to 50% on a genuine Microsoft 365 subscription." 

When clicked, the alert sends you to a Microsoft 365 landing page warning that pirated software can expose your computer to security threats.

https://www.bleepingcomputer.com/news/microsoft/microsoft-offers-50-percent-subscription-discounts-to-office-pirates/

Also note what I highlighted in red. Microsoft could also eventually turn you into government authorities for prosecution if your country enforces copyright laws.

Edited by itman
Link to comment
Share on other sites

This is just "hot off the press:"

Quote

STOP Ransomware — the most active ransomware nobody talks about

While other ransomware strains get the most media attention, STOP ransomware has constantly been behind the most significant slice of ID Ransomware submissions and support requests on BleepingComputer's forums in recent years.

Out of thousands of ID Ransomware submissions per day during high ransomware activity, anywhere between 60 and 70 % are STOP ransomware submissions.

This is because this ransomware mainly targets home users through shady sites and adware bundles that push malicious software cracks or adware bundles disguised as free programs.

The latter usually install a wide range of unwanted software onto a user's computer, and, more often than not, one of the programs installed is malware such as STOP Ransomware.

Cracks reported to have been used in STOP Ransomware delivery include KMSPico, Cubase, Photoshop, and antivirus software.

https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/

Edited by itman
Link to comment
Share on other sites

I don't really see how that works. Surely a virus doesn't check to see if it has already infected a computer. It would just proceed to replace those files with it's own files.

Link to comment
Share on other sites

  • Most Valued Members
On 12/6/2021 at 9:50 PM, itman said:

This article: https://www.technicalactiongroup.ca/these-companies-used-pirated-software-and-lost-millions-of-dollars/ gets into use of cracked software in Canada alone. Yes, it is much more widespread than commonly believed. Note that a "big name" referenced was Nike. Besides millions of dollars lost by malware in such use, the government fines are also quite hefty.

At least, one now has a plausible explanation for the constant ransomware attacks against commercial concerns.

Finally, this might be the time to get legit:

https://www.bleepingcomputer.com/news/microsoft/microsoft-offers-50-percent-subscription-discounts-to-office-pirates/

Also note what I highlighted in red. Microsoft could also eventually turn you into government authorities for prosecution if your country enforces copyright laws.

Could they turn you in after you paid as you are admitting to downloading it illegally. 

Then there is the question of if there are deals for other people as I can imagine some being annoyed if those who have always paid are getting worse deals

Link to comment
Share on other sites

4 hours ago, TheStill said:

Surely a virus doesn't check to see if it has already infected a computer.

Actually, they do. One notorious example is Wannacry ransomware:

Quote

There were many clues buried in the code of WannaCry but no one ever claimed responsibility for creating or spreading the program. One researcher discovered early in the cyberattack that the program initially tried to access a specific web address that turned out to be an unregistered nonsense name. If the program was able to open the URL, WannaCry would not execute, so it acted as a sort of kill switch.

https://www.mimecast.com/blog/all-you-need-to-know-about-wannacry-ransomware/

Link to comment
Share on other sites

22 hours ago, peteyt said:

Then there is the question of if there are deals for other people as I can imagine some being annoyed if those who have always paid are getting worse deals

I don't use office at home as I have no use for it. But after a windows update yesterday I was offered a 50% discount on office. But it is like most things loyalty doesn't pay. Most sales people get bonuses for acquiring new customers and nothing for retaining old customers. 

18 hours ago, itman said:

Actually, they do. One notorious example is Wannacry ransomware:

I want to believe that this is some kind of smart protection to stop it being analysed but these things seem far to simple to bypass. Or perhaps that's the idea to kill its self at the first sign of detection? 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...