Take a look at how these bogus activators trick users into installing shady software

Mar 7, 2014 10:01 GMT

Security experts have been warning users about fake Windows 8 key generators and activators ever since Microsoft launched the operating system. As the popularity of Windows 8 and Windows 8.1 grows, they attract the attention of more and more cybercriminals and scammers.

Ahasverus, a Softpedia Forum user, has recently reported coming across a fake activator while testing Windows 8.1 Enterprise Evaluation in VirtualBox on a Mac OS X machine.

When searching for Windows 8.1 Enterprise activators on Google, you get a lot of results, most of them leading to all sorts of shady websites. Ahasverus has tested an activator called Windows KMS Activator Ultimate 2014 1.7, which is around 10 Mb in size (compressed).

The activator claims to be able to crack Windows Vista, Windows 7, Windows 8, and Windows 8.1. In reality, it can’t activate any of them, but that doesn’t matter since the role of the program is to trick users into installing all sorts of shady software, not to help internauts pirate the operating system.

Most antivirus engines don’t see anything wrong with the so-called activator. However, the user quickly learned that the application was far from being harmless.

Once the process is started, the installer forces users to accept the installation of various other applications: Surftastic (a browser add-on that collects user data and displays ads on websites) and Mobogenie (the app offers Android games, but also accesses SMSs, pictures, and contacts).

Fake Windows 8.1 activator

In the next phase, it gets even more interesting. The developers of the so-called activator ask victims for permission to install a Bitcoin miner.

“In order to continue and develop free applications, we would like to install on your machine the following program that uses your CPU for virtual currency mining and other computation activities when it is idle/standby,” reads the message in the second phase of the installation process.

Users can press the “Decline” button, but, as we all know, most people simply press the “Next” button when they install software, without giving it too much thought.

Fake Windows 8.1 activator

The scammers have even come up with a plan in case users try to close the installation process. If victims are not careful, the installation will be resumed when the operating system is rebooted.

Fake Windows 8.1 activator

After the installation is completed, the activator is launched. However, at this point, the web browser is already hijacked and displays ads.

Once it’s launched, the fake Windows 8.1 activator connects to a remote server to update itself. It’s uncertain what it downloads, but it can’t be anything good.

Finally, the activator doesn’t actually do anything. When the user tries to activate Windows, an error message is displayed.

Fake Windows 8.1 activator

This is just one of the many Windows 8.1 Enterprise activators out there. Each of them has its own set of tricks, but users who install them end up with adware (best case scenario) or some dangerous piece of malware (worst case scenario) on their computers.
