Trend Micro experts warn users to be on the lookout for fake free Windows 8 “activators.” They’ve identified a couple of websites that serve malicious programs disguised as such cracks.
The first site offered users a free Windows 8 Activation, while the second one advertised an app called “Windows 8 Activator Loader Extreme Edition 2013.”
In both cases, users are presented with a malicious app detected by Trend Micro as HKTL_KEYGEN.
Once installed, HKTL_KEYGEN asks victims to provide personal information and send an SMS message to a specified phone number in order to continue with the activation.
The IP addresses of the websites that serve the so-called activators point to servers located in Romania and Latvia. Furthermore, the IP addresses also host other suspicious .ru websites, including ones that served fake versions of Instagram and Angy Birds.