Malware disguised as a “pirated” Windows 10 activation tool

According to security company AhnLab, hackers are running a new malware campaign aimed at people who want to use “pirated” Windows 10. The campaign spreads a remote access trojan, BitRAT, to their computers.

AhnLab’s investigation shows that this malware campaign is focused on South Korea, or originated there. However, once these files appear on the web, they spread very quickly, and users in all countries are likely to become victims.

The malware mimics a Windows 10 Pro license activation tool. Windows is always on the list of software most targeted by hackers because of its popularity, and quite a few people use Microsoft’s operating system unofficially, making it a lucrative bait for bad guys.

You can see in detail how AhnLab studies malware activity here. In short, users try to illegally activate Windows 10 Pro with a malicious tool called “W10DigitalActivation.exe”, which has a simple interface with a button to “Activate Windows 10.”

However, instead of activating the Windows license, the tool downloads malware and hard-coded commands operated by the hackers. The system is then completely compromised. BitRAT can record keystrokes, access webcams and microphones, grab logins saved in browsers, and more. After completing the malware installation, the downloader removes itself from the system, leaving only BitRAT.

According to experts, even if legal issues are ignored, using pirated software is always a dangerous gamble. The more tools are used to activate unauthorized software, the higher the chance of getting infected with malware.

Reference: Windows Central


By Nguyen Manh Cuong

Nguyen Manh Cuong is the author and founder of the tvtoolsalteria blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.
