Be Careful of the KMSPico Activator – It could be a Ransomware!

  • 6
    Shares

If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the infected files and appends the extension “.domino” to the files.

How does the Domino ransomware enter its victim’s computer?

The ransomware pretends to be the KMSPico Windows Activator (a tool used to activate any version of Windows and Microsoft office). An unsuspecting user may install this tool thinking it to be the real one, and end up infecting their computer with the ransomware.

Download this PDF for a technical analysis of this ransomware.

PDF icon

Quick Heal Anti-Ransomware Technology successfully detects the file encryption activity of the Domino ransomware.

Safety practices to stay safe against Domino ransomware and other destructive malware:

  • Only use licensed software and avoid pirated software
  • Avoid downloading and installing activators for activating OS or other software
  • Read and understand the privacy policy and risks involved while installing any software
  • Back up all important files on a regular basis
  • Run antivirus software on your computer and keep it up-to-date

 

ACKNOWLEDGMENT
Subject Matter Expert
– Prashil Moon (Threat Research and Response Team)

Quick Heal Security Labs

Quick Heal Security Labs


4 Comments

Leave a Reply to Anirban Dutta Cancel reply

Your email address will not be published.

CAPTCHA Image

  1. Avatar Anirban DuttaSeptember 13, 2016 at 9:00 AM

    THANK YOU Quick Heal for detect it. But instead of user notification ( Allow or Block[Recommended] ) block such type of viruses by default.

    Reply
  2. Thank you

    Reply
  3. Avatar Tanmoy SannigrahiSeptember 20, 2016 at 7:28 PM

    Respected Sir,
    Once i used it to active office into my system.But quick heal detect that & remove it. Although i found folder name your product to program file.I delete it manually. Is it safe now?

    Reply