These fake Windows 11 upgrade installers will just infect you with malware
Don’t download a Windows 11 installer unless you’re certain it’s coming from Microsoft
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A fakeWindows 11installer has been discovered online, with experts warning any gullible consumers who download it will end up with RedLine Stealer, a potentmalwarethat can steal passwords, cryptocurrency wallet information, credit card data, browser info, and a lot, lot more.
Cybersecurity researchers fromHPsay whoever is behind this attack has put a lot of careful thought into it. For one,Windows 11is the latest OS upgrade fromMicrosoft, one that heavily depends on the hardware specs of the device. As such, is not available to allWindows 10users through the OS’ system upgrade feature.
The malicious actors have taken advantage of this fact, setting up new domains that impersonate Microsoft. In this particular case, researchers have spotted the windows-upgraded.com domain, which looks a lot like an official Microsoft page. While this one has already been taken down, numerous others are probably out there, waiting to be discovered.
Broad deployment phase
The researchers also note that the actors have also timed their campaign quite well - Microsoft has only recently announced it has entered the “broad deployment phase”, where Windows 11 is being offered to everyone with an eligible device via Windows Update.
Anyone who ends up downloading files from these fake websites, will get a 1.5MB-heavy ZIP archive named “Windows11InstallationAssistant.zip,” pulled from a Discord CDN.
Windows 11 leak suggests Microsoft is making some big changes>Microsoft shares some good Windows 11 news we’ve all been waiting for>Windows 11: The pros and cons for businesses
Instead of a Windows 11 upgrade, victims will instead download RedLine Stealer, malware that harvests browsers for saved passwords, autocomplete data, credit card information, and such.
The malware also runs a system inventory, pulling inintelsuch as the username, location data, hardware configuration, and information on security software installed on the device.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Newer versions are even able to stealcryptocurrency walletinformation, as well as target FTP and IM clients. It can upload and download files, execute commands, and communicate with its C2 server.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
