Threat actors are running campaigns to spread fake Windows 11 installers on the internet.
According to cybersecurity researchers from HP, hackers are mimicking the installer to deliver RedLine Stealer, malware that can steal credentials, cryptocurrency wallet information, credit card data, browser information, and more.
Additionally, the HP researchers noted that the actors had timed their campaign quite well: Microsoft recently announced that it is offering the Windows 11 upgrade to every eligible device through Windows Update.
Malicious actors have exploited this phase by setting up a domain named windows-upgraded.com that imitates Microsoft. Though this domain has been taken down, others may still be live and undiscovered.
The fake websites hosted a 1.5 MB zip file named Windows11InstallationAssistant.zip; users who download and open files from such sites end up installing the malware instead of the genuine installer.
RedLine is especially dangerous because it can steal cryptocurrency wallet information and target FTP and IM clients. Furthermore, the malware can upload and download files and execute commands received from its C2 server.
We suggest our readers download upgrades and updates from Microsoft’s official website. By doing so, you can keep your system safe from malware and other threats.
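As an added illustration of that advice (example code written for this article, not from HP or Microsoft), the PowerShell below performs two checks before an installer is run: the download host must be an exact or subdomain match on a small allowlist of Microsoft-owned hosts (the list is an assumption; extend it for your environment), and the downloaded file must be an executable carrying a valid Authenticode signature issued to Microsoft Corporation. A zip archive such as the one described above cannot carry an Authenticode signature, so it is rejected outright. The file path in the usage lines is a placeholder.

```powershell
# Added example, not code from the article. Assumed allowlist of official Microsoft hosts.
function Test-OfficialDownloadHost {
    param([Parameter(Mandatory)][string]$Url)
    $allowed = @('microsoft.com', 'download.microsoft.com', 'go.microsoft.com', 'windowsupdate.com')
    $hostName = ([System.Uri]$Url).Host.ToLowerInvariant()
    foreach ($a in $allowed) {
        # Accept only the host itself or a real subdomain of it.
        # A look-alike such as windows-upgraded.com matches neither test.
        if ($hostName -eq $a -or $hostName.EndsWith(".$a")) { return $true }
    }
    return $false
}

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)
    # Archives cannot be Authenticode-signed, so a .zip "installer" is untrusted by definition.
    if ([System.IO.Path]::GetExtension($Path) -ieq '.zip') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'Archive, not a signed executable' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    # Require a valid signature chain AND a Microsoft Corporation signer, not just "some" signature.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')
    return [pscustomobject]@{ Path = $Path; Trusted = $trusted; Reason = "Status=$($sig.Status); Signer=$signer" }
}

# Usage (placeholder paths/URLs):
Test-OfficialDownloadHost 'https://windows-upgraded.com/Windows11InstallationAssistant.zip'   # False
Test-OfficialDownloadHost 'https://www.microsoft.com/software-download/windows11'             # True
Test-InstallerSignature "$env:USERPROFILE\Downloads\Windows11InstallationAssistant.zip"        # Trusted = False
Test-InstallerSignature "$env:USERPROFILE\Downloads\Windows11InstallationAssistant.exe"        # Trusted only if signed by Microsoft
```

The host check deliberately uses suffix matching on a dot boundary rather than a substring search, because a substring test for "microsoft" or "windows" would wave through exactly the kind of impersonation domain this campaign used.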