IT House, February 10: Since Windows 11 was first announced in June 2021, there have been many campaigns aimed at tricking people into downloading fake, malicious Windows 11 installers. The activity seemed to subside for a while, but it now appears to be back, and this time it could be even more dangerous.

This is because, at that time, Windows 11 was not open to the public but only to internal testers, who were generally more technically proficient and more aware. Since then, however, Windows 11 has become available to the general public, with plans to accelerate its rollout, which makes the situation more delicate.
The new malware campaign was discovered by the HP threat research team, who noticed a new fake website that looked like Microsoft's but was actually distributing files containing RedLine malware.
The name of this website is "windows-upgraded [.com]", and as you can see from the pictures, it could pass for a real Microsoft website to anyone not paying attention, because the layout and appearance of the site closely resemble the real thing.
When someone clicks the "Download Now" button, a 1.5MB package called "Windows 11InstallationAssistant.zip" is downloaded. What struck the HP research team, however, was that the 1.5MB file decompressed into a 753MB folder, a compression rate of 99.8%.
After reverse engineering the contents of the package, HP discovered that the fake Windows 11 installer delivered a payload of RedLine stealer malware that, as the name suggests, is capable of stealing sensitive information such as passwords and other credentials.
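The size mismatch described above (a 1.5MB download that unpacks to 753MB, a 99.8% compression rate) can be checked before anything is extracted. The following Python sketch is an added example, not code from HP or from the article; the thresholds, function names and the constructed sample archive (which assumes zero-byte filler as one way to reach such a ratio) are illustrative assumptions.

```python
import io
import os
import zipfile

RATIO_THRESHOLD = 0.99            # assumed triage threshold, not a value from HP
MIN_UNPACKED = 10 * 1024 * 1024   # assumed: skip members smaller than 10 MiB

def inflated_members(zip_bytes, ratio_threshold=RATIO_THRESHOLD,
                     min_unpacked=MIN_UNPACKED):
    """List members whose declared sizes imply an extreme compression rate.

    Reads only the archive's directory entries; nothing is extracted.
    Returns (name, packed_bytes, unpacked_bytes, rate) tuples.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_unpacked:
                continue
            rate = 1 - info.compress_size / info.file_size
            if rate >= ratio_threshold:
                hits.append((info.filename, info.compress_size,
                             info.file_size, round(rate, 4)))
    return hits

def build_sample():
    """Constructed sample: 64 KiB of random bytes followed by 32 MiB of
    zero filler, plus a small ordinary text file."""
    padded = b"MZ" + os.urandom(64 * 1024) + b"\x00" * (32 * 1024 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup-sample.exe", padded)
        zf.writestr("readme.txt", b"constructed sample\n" * 100)
    return buf.getvalue()

if __name__ == "__main__":
    for name, packed, unpacked, rate in inflated_members(build_sample()):
        print(f"{name}: {packed} -> {unpacked} bytes ({rate:.1%} compression)")
```

The sizes come from the archive's own headers, so a hit is a reason to look closer in a sandbox, not a verdict on the file.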