BitRAT malware bypasses Defender disguised as a Windows key verifier tool


Published on March 22, 2022


What should be the number one priority when accessing the internet? If you guessed anything that had to do with shopping or games, you aren’t quite there yet.

In fact, security should be our number one priority when dealing with the ever-changing, dangerous online world we currently live in.

You might want to know that security research firm ASEC has discovered a new malware campaign that disguises itself in the form of a Windows product key verification tool.

However, don’t be fooled by the official disguise, as that tool is in reality BitRAT malware or a remote access trojan.

Windows activation software can seriously infect your PC

ASEC found that this particular RAT is being distributed via Webhards, which are online file-sharing services in Korea.

Although pirated and unofficial software is often known to infect devices with malware, people tend not to take such warnings seriously.

Needless to say, this drives malware creators to step up their game and keep a constant flow of malicious software coming to the masses.

To better explain how this works, the downloaded zip file W10DigitalActivation.exe contains the dreaded file but also carries a genuine Windows activation file.

The W10DigitalActivation_msi file is apparently real, while the other, the W10DigitalActivation_Temp file, is the malware.

The moment an unsuspecting user runs the exe file, both the actual verification tool as well as the malware file are executed simultaneously.

Of course, this action will give said user the impression that everything is working as intended and there’s really nothing shady about the whole thing.

Then, the W10DigitalActivation_Temp.exe malware file goes on to download additional malicious files from the command and control (C&C) server and delivers them inside the Windows startup program folder via PowerShell.

Finally, BitRAT is installed as the Software_Reporter_Tool.exe file inside the %temp% folder.

In Windows Defender, the exclusion path for the Startup folder and the exclusion process for BitRAT are also added, in case you were wondering.
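A defender-side check for the Defender tampering described above, added here as an example and not taken from the article or from ASEC's report. The helper name `Test-RiskyExclusion` is hypothetical; the watched folders (Startup, %temp%) and the process name come from the article, and the script assumes the built-in Defender PowerShell module is available.

```powershell
# Added example: audit Microsoft Defender exclusions for the pattern in this article.
# Run elevated; the function takes plain strings so exported settings can be checked too.
function Test-RiskyExclusion {
    param(
        [string[]]$ExclusionPath,      # values of Get-MpPreference ExclusionPath
        [string[]]$ExclusionProcess,   # values of Get-MpPreference ExclusionProcess
        [string[]]$RiskyRoots,         # folders that should never be excluded
        [string[]]$RiskyProcessNames   # file names named in the article
    )
    $cmp = [StringComparison]::OrdinalIgnoreCase
    foreach ($p in $ExclusionPath) {
        if (-not $p) { continue }
        $e = [Environment]::ExpandEnvironmentVariables($p).TrimEnd('\')
        foreach ($root in $RiskyRoots) {
            if (-not $root) { continue }
            $r = $root.TrimEnd('\')
            # Flag the folder itself, a child of it, or a parent that covers it.
            if ($e -ieq $r -or $e.StartsWith("$r\", $cmp) -or $r.StartsWith("$e\", $cmp)) {
                [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = "overlaps $r" }
            }
        }
    }
    foreach ($proc in $ExclusionProcess) {
        if (-not $proc) { continue }
        $leaf = ($proc -split '[\\/]')[-1]   # file name part of a full path
        if ($RiskyProcessNames -contains $leaf) {
            [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'name used by BitRAT per the article' }
        }
    }
}

$pref = Get-MpPreference
if ("$($pref.ExclusionPath)" -like 'N/A*') {
    # Defender masks exclusions for non-administrators.
    Write-Warning 'Exclusions are hidden from this account; rerun from an elevated prompt.'
} else {
    $roots = @(
        [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
        [Environment]::GetFolderPath('CommonStartup'),  # all-users Startup folder
        $env:TEMP
    )
    Test-RiskyExclusion -ExclusionPath $pref.ExclusionPath `
        -ExclusionProcess $pref.ExclusionProcess `
        -RiskyRoots $roots -RiskyProcessNames 'Software_Reporter_Tool.exe' |
        Format-Table -AutoSize
}
```

Any row in the output is an exclusion that leaves the Startup folder, %temp% or the named process unscanned; an unexpected one can be removed with `Remove-MpPreference` and the excluded location scanned afterwards.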

You can find out more details about this by checking the ASEC official report. Have you downloaded such a file and had to deal with this malware?

Be sure to share your experience with us in the dedicated comments section located just below.


Alexandru Poloboc

Tech Journalist
