Unofficial Microsoft license activators are spreading BitRAT malware

A new malware campaign is up and running, ensuring that those who wanted a pirated copy of Windows 10 are at a particularly high risk of catching a nasty RAT (remote access trojan). Specifically, a BitRAT.

As spotted by AhnLab, the campaign's file-sharing platform of choice, as well as the text in the fake Windows activator's code, imply that the campaign is either being focused on — or originates from — Korea. Of course, once these dupe files hit the web, it doesn't really matter where they start since they all run the risk of spreading like wildfire. And this particular campaign is imitating Windows 10 Pro license activators. Windows is high on the list of digital goods pirates crave, so it's not hard to assume this particular BitRAT campaign poses a higher risk of infecting people than, say, a BitRAT package assuming the identity of less popular software.

You can check out AhnLab's afore-linked writeup for the technical details of how the malware works, but here's the long and short of it for average joes: Once a user makes their failed attempt at pirating Windows 10 Pro, they'll get BitRAT and with it, their system will be totally compromised. BitRAT has keylogging capabilities, will grant attackers access to your webcam and mic, can yoink your browser-logged credentials, and more. Cybercriminals love BitRAT malware because of how versatile it is and how much of a nightmare it can be for the piracy-inclined victim.

The point is, avoid pirating Windows 11, 10, 7, and any other versions, where at all possible. Microsoft even makes offers deliberately targeted at pirates so that everyone can save money and minimize cybersafety risks.