Software can be expensive, which is why many people choose to download pirated software. Naturally, downloading pirated software is illegal, but many people think there is little chance of getting caught especially if they do not use their own computer to download the software. Most people have access to a computer at work and that is a common place where pirated software is downloaded, both for home use and also for using unauthorized software at work.

Employees at small- to medium-sized businesses may struggle to get authorization to purchase certain software due to the high license cost, even though the use of that software may make employees’ jobs easier. It is not uncommon for employees to go behind their employer’s back and simply download a pirated version of the software they want. The Business Software Alliance conducted a study that suggested 39% of software on computers is unlicensed, and another study suggested 3 in 10 employees use software at work that their employers do not know about. Not all of these ‘shadow IT’ tools will be pirated, as many are available for free, but this is a concern.

Free software may only be free for consumer use. Business use often requires a paid license, and if a license is not purchased businesses are exposed to legal risk. Any software that is installed without the knowledge of the IT department will mean patches for the software to fix known vulnerabilities may not be installed – that would be the responsibility of individual users, not the IT department. Vulnerabilities could remain unaddressed that could potentially be exploited by threat actors to gain access to the user’s device or provide a foothold for a more extensive compromise.

There is also a risk of malware being introduced. This is especially risky with pirated software, which is often bundled with adware, spyware, potentially unwanted programs (PUPs), and malware, which are either included with the software or are installed via software cracks and product activators.

Software cracks and product activators are well-known for installing malware. KMSPico is a software piracy tool that used for activating all features of Windows and Microsoft Office without requiring a license key. The tool uses Windows Key Management Services (KMS), which is a legitimate feature of Windows that is used to license Microsoft products across an enterprise network. This is achieved by installing a KMS server and through Group Policy Objects. KMSPico emulates a local KMS server to fraudulently activate the software.

Many anti-malware solutions detect KMSPico as potentially malicious for good reason. The tool can disable antimalware products to prevent it from being detected, and that alone can open the door for malware. Further, there are many versions of KMSPico available online, and identifying a clean version can be a challenge. There are versions available for download that have been bundled with malware, including the Cryptbot stealer. The Cryptbot stealer is commonly packaged with KMSPico and other product activators and cracks. The user will get the KMSPico, but malware will be silently installed in the background.

Cryptbot stealer is a dangerous malware that can perform a range of functions, including stealing data from web browsers such as Opera, Chrome, Firefox, and Vivaldi. The malware steals browser histories, passwords, credit card information, cookies, and cryptocurrency wallets. The Cryptbot stealer has also recently been updated to make it stealthier and a more effective stealer and it can now search for file paths and exfiltrate a range of files. The Cryptbot stealer is far from the only malware distributed in this manner and malware delivery is not limited to KMSPico. Many cracks and warez are used to install malware.

There are steps businesses should take to make it harder for employees to download pirated software. To prevent downloads from the Internet, WebTitan can be installed. WebTitan is a DNS-based web filter that is used to control the web content that can be accessed by users of business networks. At its simplest, businesses can use the category-based controls to block access to certain categories of websites where pirated software is downloaded such as peer2peer file-sharing networks and any other undesirable categories of websites. WebTitan can also be configured to prevent the downloading of certain files associated with malware, including software installers and other executable files.

It is also important for IT departments to create a full inventory of software to identify any pirated or unauthorized software that has already been installed. This will allow them to remove potentially risky software and to ensure all legitimate software is identified and included in the patch management policy.