BitRAT trojan discovered inside Windows cracking tool

It is definitely not a good period for Microsoft: targeted directly in recent days, it now also sees users of its Windows operating system targeted, at least those who try to crack it in order to use it without paying.

A few days after the attack suffered by Microsoft’s internal systems, it is again a black day for Redmond, with a new wave of distribution of the BitRAT malware, which is currently affecting many of the users who are trying to pirate the Windows operating system.

Having a copy of Windows, nowadays, is not very expensive: on the internet there are many sites that resell discontinued licenses of programs and operating systems, not to mention the many ESD licenses sold for a handful of euros even on eBay and Amazon. Nonetheless, it still happens that someone wants to cut corners and use well-known software completely free of charge: in these cases, people tend to look for activators, which often bypass the vendor’s checks either by periodically resetting the program’s internal counter (which then runs a trial period in a loop) or by having its authenticity verified against local rather than remote resources.

One of the activators in question, W10DigitalActivation.exe, was placed by hackers on webhard, the Korean online cloud storage service, which is often used in South Korea to share files on Discord or social platforms and is therefore very popular: as a result, many users have noticed this program, which promises to activate Windows 10 Pro effortlessly.

When launched, the program shows a simple interface with a button to crack the OS; once pressed, however, it actually downloads (via a downloader that then deletes itself) the remote access trojan (RAT) “BitRAT”, which hides in the TEMP folder as Software_Reporter_Tool.exe, adds an autorun entry (so that it restarts each time the PC is turned on), and adds an exclusion to Windows Defender scans.
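A triage check for the three traces described above (the Software_Reporter_Tool.exe payload in TEMP, the autorun entry, and the Windows Defender exclusion), added here as an example and not taken from the article or from any vendor tooling. It assumes the Run-key values and Defender exclusion paths have already been exported from a host; the sample data, the user name and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample export from one Windows host (not real data).
ENV = {"TEMP": r"C:\Users\kim\AppData\Local\Temp"}
AUTORUNS = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Reporter": r"%TEMP%\Software_Reporter_Tool.exe",
}
EXCLUSIONS = [r"C:\Users\kim\AppData\Local\Temp"]
PAYLOAD_NAME = "software_reporter_tool.exe"  # file name reported in the article

def expand(path, env):
    """Expand %VAR% (case-insensitive) and normalise case and separators."""
    upper = {k.upper(): v for k, v in env.items()}
    path = re.sub(r"%([^%]+)%", lambda m: upper.get(m.group(1).upper(), m[0]), path)
    return ntpath.normcase(ntpath.normpath(path))

def executable(command, env):
    """Return the normalised image path from a Run-key command line."""
    if command.startswith('"'):          # quoted path, arguments may follow
        image = command[1:].split('"', 1)[0]
    else:                                # unquoted: cut after the first ".exe"
        m = re.match(r"(.+?\.exe)\b", command, re.I)
        image = m.group(1) if m else command.split(" ", 1)[0]
    return expand(image, env)

def is_under(path, folder):
    return (path + "\\").startswith(folder.rstrip("\\") + "\\")

def triage(autoruns, exclusions, env):
    """Return (entry name, image path, reasons) for each suspicious autorun."""
    temp = expand(env["TEMP"], env)
    excluded = [expand(e, env) for e in exclusions]
    findings = []
    for name, command in autoruns.items():
        image, reasons = executable(command.strip(), env), []
        if is_under(image, temp):
            reasons.append("autorun target inside TEMP")
        if ntpath.basename(image) == PAYLOAD_NAME:
            reasons.append("file name matches the reported payload")
        if any(is_under(image, e) for e in excluded):
            reasons.append("target covered by a Defender exclusion")
        if reasons:
            findings.append((name, image, reasons))
    return findings

if __name__ == "__main__":
    print(*triage(AUTORUNS, EXCLUSIONS, ENV), sep="\n")
```

An entry that trips all three reasons at once matches the combination the article describes; a single reason on its own is only a prompt for a closer look.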

Once these steps are complete, BitRAT can record everything you type via a keylogger, steal credentials from browsers, spy on the user (via webcam and microphone), copy the contents of the clipboard, mine cryptocurrency via XMRig, offer remote control via an online dashboard (using hidden virtual network computing techniques), and perform reverse proxying via SOCKS4 and SOCKS5. Consequently, the way to protect oneself from BitRAT infections is to always rely on original software or, alternatively, free/open source software, bearing in mind that software promotions also come around often and make it possible to get important software at a steep discount.
