search

uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0
4.04k stars 759 forks source link

Dangerous fake KMS activation websites #24189

Closed ghost closed 3 months ago

ghost commented 3 months ago

Prerequisites

URL(s) where the issue occurs.

kms-full.com
kmspico.ws
kmspico.io

Description

These websites deceives users into downloading malware by making them believe they are installing a legitimate Windows activator.

Other extensions used

none

Screenshot(s)

Screenshot(s)

Configuration

Details ```yaml ```
MasterKia commented 3 months ago

https://github.com/uBlockOrigin/uAssets/issues/24193#issue-2364500987

JobcenterTycoon commented 3 months ago

Most files are detected as a "HackTool" on virustotal.

ghost commented 3 months ago

I also found yasir-252.net, which appears to be more malicious than yasir252.com.

MIOGMIOG commented 2 months ago

(This comment will be talking primarly about KMSpico, but it applies to 99% of other windows/office "activators" as well) Hello, this is kinda like fitgirl repacks situation, where there are many fake websites pretending to be the original. (but KMSpico doesn’t have any website in the first place, the original is a forum post from 2013 on Mydigitallife forums), so I suggest adding wildcard filters, I have made these filters that can be added to Badware risks filter (not just for kmspico, but for other fake activator websites, also I would suggest moving already added fake activators domains here too to their cathegories, also feel free to remove dead domains):

! KMSpico - Official site: https://forums.mydigitallife.net/threads/abandoned-kmspico-official-thread.65739/
||kmspico.*^$all,domain=~forums.mydigitallife.net
||kmspicoofficial.*^$all,domain=~forums.mydigitallife.net
||kmspico-official.*^$all,domain=~forums.mydigitallife.net
||official-kmspico.*^$all,domain=~forums.mydigitallife.net
||officialkmspico.*^$all,domain=~forums.mydigitallife.net
||oficial-kmspico.*^$all,domain=~forums.mydigitallife.net
||kmspico-activator.*^$all,domain=~forums.mydigitallife.net
||activator-kmspico.*^$all,domain=~forums.mydigitallife.net
||getkmspico.*^$all,domain=~forums.mydigitallife.net
||get-kmspico.*^$all,domain=~forums.mydigitallife.net
||kmspico10.*^$all,domain=~forums.mydigitallife.net
||activator-kmspico.net^$all,domain=~forums.mydigitallife.net
||ativadorkmspico.com^$all,domain=~forums.mydigitallife.net
||get-kmspico.com^$all,domain=~forums.mydigitallife.net
||getkmspico.com^$all,domain=~forums.mydigitallife.net
||kmspico-activator-crack.com^$all,domain=~forums.mydigitallife.net
||kmspico-activator-free.com^$all,domain=~forums.mydigitallife.net
||kmspico-activator.in^$all,domain=~forums.mydigitallife.net
||kmspico-mafia.com^$all,domain=~forums.mydigitallife.net
||kmspico-official.xyz^$all,domain=~forums.mydigitallife.net
||kmspico-oficial.com^$all,domain=~forums.mydigitallife.net
||kmspico-software.net^$all,domain=~forums.mydigitallife.net
||kmspico-tools2.site^$all,domain=~forums.mydigitallife.net
||kmspico.co^$all,domain=~forums.mydigitallife.net
||kmspico.icu^$all,domain=~forums.mydigitallife.net
||kmspico.io^$all,domain=~forums.mydigitallife.net
||kmspico.space^$all,domain=~forums.mydigitallife.net
||kmspico.uno^$all,domain=~forums.mydigitallife.net
||kmspico.ws^$all,domain=~forums.mydigitallife.net
||kmspico10.com^$all,domain=~forums.mydigitallife.net
||kmspicoactivator.net^$all,domain=~forums.mydigitallife.net
||kmspicoativador.org^$all,domain=~forums.mydigitallife.net
||kmspicodownloads.com^$all,domain=~forums.mydigitallife.net
||kmspicofficial.com^$all,domain=~forums.mydigitallife.net
||kmspicoofficial.com^$all,domain=~forums.mydigitallife.net
||kmspicoportable.com^$all,domain=~forums.mydigitallife.net
||mrkmspico.com^$all,domain=~forums.mydigitallife.net
||official-kmspico.co^$all,domain=~forums.mydigitallife.net
||official-kmspico.com^$all,domain=~forums.mydigitallife.net
||official-kmspico.org^$all,domain=~forums.mydigitallife.net
||officialkmspico.com^$all,domain=~forums.mydigitallife.net
||officialkmspico.download^$all,domain=~forums.mydigitallife.net
||officialkmspico.net^$all,domain=~forums.mydigitallife.net
||officials-kmspico.com^$all,domain=~forums.mydigitallife.net
||oficial-kmspico.com^$all,domain=~forums.mydigitallife.net
! Microsoft Activation Scripts - Official site: massgrave.dev
||massgrav.*^$all,domain=~massgrave.dev
||massgrave.*^$all,domain=~massgrave.dev
||massgraves.*^$all,domain=~massgrave.dev
! Windows loader by Daz - Official site: https://forums.mydigitallife.net/forums/windows-loader.39/
||dazactivator.*^$all,domain=~forums.mydigitallife.net
||dazloaderteam.*^$all,domain=~forums.mydigitallife.net
||winloader.*^$all,domain=~forums.mydigitallife.net
||dazactivator.com^$all,domain=~forums.mydigitallife.net
||dazloaderteam.com^$all,domain=~forums.mydigitallife.net
||winloader.io^$all,domain=~forums.mydigitallife.net
||winloader.org^$all,domain=~forums.mydigitallife.net
||windows-7-activator.com^$all,domain=~forums.mydigitallife.net

(there is also malwarebytes blog post about fake kmspico websites if someone is interested I guess: https://www.threatdown.com/blog/kmspico-explained-no-kms-is-not-kill-microsoft/)