Unofficial Microsoft license activators are spreading BitRAT malware

Best 5.1 speakers for PC gaming
Best 5.1 speakers for PC gaming (Image credit: Microsoft)

What you need to know

  • A new malware campaign is underway, aiming to circulate BitRAT far and wide.
  • It relies on people using an unofficial Windows 10 Pro license activator.
  • As is often the case when attempting to pirate software, those who use the unofficial activator are going to end up with an infected machine.

A new malware campaign is up and running, ensuring that those who wanted a pirated copy of Windows 10 are at a particularly high risk of catching a nasty RAT (remote access trojan). Specifically, a BitRAT.

As spotted by AhnLab, the campaign's file-sharing platform of choice, as well as the text in the fake Windows activator's code, imply that the campaign is either being focused on — or originates from — Korea. Of course, once these dupe files hit the web, it doesn't really matter where they start since they all run the risk of spreading like wildfire. And this particular campaign is imitating Windows 10 Pro license activators. Windows is high on the list of digital goods pirates crave, so it's not hard to assume this particular BitRAT campaign poses a higher risk of infecting people than, say, a BitRAT package assuming the identity of less popular software.

You can check out AhnLab's afore-linked writeup for the technical details of how the malware works, but here's the long and short of it for average joes: Once a user makes their failed attempt at pirating Windows 10 Pro, they'll get BitRAT and with it, their system will be totally compromised. BitRAT has keylogging capabilities, will grant attackers access to your webcam and mic, can yoink your browser-logged credentials, and more. Cybercriminals love BitRAT malware because of how versatile it is and how much of a nightmare it can be for the piracy-inclined victim.

The point is, avoid pirating Windows 11, 10, 7, and any other versions, where at all possible. Microsoft even makes offers deliberately targeted at pirates so that everyone can save money and minimize cybersafety risks.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to