Warning: This fake Windows 11 update is full of malware

Security researchers have found a fake Windows 11 update website that promises to offer free installation of Windows 11 for PCs that do not meet the minimum specifications, but which actually installs malware to steal data.

Windows 11 has some... interesting... requirements to meet, and its most well-known requirement is support for the Trusted Platform Module (TPM) version 2.0. This left fully capable and powerful PCs and laptops unable to upgrade to Windows 11 because they didn't meet the minimum specifications.

Naturally, this annoyed people with relatively new hardware who couldn't upgrade to the latest Windows, and many looked for ways to circumvent the TPM 2.0 requirement to install Windows 11 on their unsupported devices.

These are the people targeted by this new threat, as Bleeping Computer reports.

Looks legit

While the website address (URL) should be a red flag (we won't mention it here), since it's clearly not a Microsoft website, the website itself looks like an official Microsoft website, with logos and illustrations that make it difficult to tell apart from a real Microsoft page.

However, as security researchers at CloudSEK discovered, when you click the "Download Now" button, the website downloads an ISO file that contains malware.

This malware, called 'Inno Stealer', uses part of the Windows installer to create temporary files on an infected PC. These create processes that run and place four additional files on your PC, some of which contain scripts that disable various security features, including in the Windows registry. They also change the built-in Windows Defender antivirus and remove other security products from Emsisoft and ESET.

Other files then execute commands with the highest system privileges, while another file is created in the C:\Users\AppData\Roaming\Windows11InstallationAssistant folder. It is this file, named Windows11InstallationAssistant.scr, that contains the data-stealing code. It then takes information from web browsers, as well as cryptocurrency wallets, stored passwords and files from the PC itself. This stolen data is then sent to the malicious users who created the malware.
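For defenders who want to check machines or mounted disk images for the folder and file named above, here is an added example (not from the article or from CloudSEK). It assumes the folder sits under each user's profile at AppData\Roaming, since the path as printed omits the user name; the function names are hypothetical.

```python
import hashlib
import os
from pathlib import Path

# Names taken from the article; the per-user profile layout is an assumption,
# because the path as printed omits the user name.
IOC_FOLDER = "Windows11InstallationAssistant"
IOC_FILE = "Windows11InstallationAssistant.scr"


def sha256_of(path):
    """Hash a file in chunks so large payloads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_inno_stealer_artifacts(users_root):
    """Return one finding per profile that holds the folder named in the article.

    users_root is the directory holding user profiles (C:\\Users on a live
    host, or the same directory inside a mounted disk image).
    """
    findings = []
    for profile in sorted(Path(users_root).iterdir()):
        roaming = profile / "AppData" / "Roaming"
        try:
            entries = list(roaming.iterdir())
        except OSError:  # not a profile directory, or unreadable: skip it
            continue
        for entry in entries:
            # Windows names are case-insensitive, so compare lower-cased.
            if not (entry.is_dir() and entry.name.lower() == IOC_FOLDER.lower()):
                continue
            payloads = [p for p in entry.iterdir()
                        if p.is_file() and p.name.lower() == IOC_FILE.lower()]
            findings.append({
                "profile": profile.name,
                "folder": str(entry),
                # Hashes let an analyst compare against published indicators.
                "payloads": {p.name: sha256_of(p) for p in payloads},
            })
    return findings


if __name__ == "__main__":
    root = os.environ.get("SystemDrive", "C:") + "\\Users"
    for hit in find_inno_stealer_artifacts(root):
        print(hit)
```

A folder with no .scr file inside is still reported, with an empty payload list, because the folder name alone is worth a closer look.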

Pretty nasty stuff.

Analysis: Be careful what you wish for

The scale of the infection here, and what it's able to steal from you, is very scary, but the good news is that it's easy to avoid.

No matter how desperate you are to install Windows 11, you should only download ISO files from sources that you are absolutely certain are legitimate. Although the creators of this malware have done their best to make the website look legitimate (as many so-called "phishing" attacks do), there are telltale signs, such as the URL mentioned above, which shows that it is not a real Microsoft website.

If your PC is eligible for an upgrade to Windows 11, you will receive an alert through Windows Update, a tool built into Windows operating systems. It is the safest way to make sure that you are downloading and installing a genuine copy of Windows 11.

If your PC is not eligible because it does not meet the TPM 2.0 requirements, there are safer ways to install Windows 11 without a TPM anyway. But we really don't recommend any of them, especially since Microsoft is making it harder to run Windows 11 on unsupported systems, which could mean you'll miss out on important updates, bug fixes, security, and functionality in the future.

But above all, you should never try to download and install a Windows 11 ISO file from a website that is not managed by Microsoft.