These fake Windows 11 installers will only infect you with malware

A fake Windows 11 installer has been discovered online, and researchers warn that any unsuspecting user who downloads it will end up with RedLine Stealer, a powerful malware that can steal passwords, cryptocurrency wallet information, credit card data, browser information, and much more.

Cybersecurity researchers at HP say that whoever is behind this attack has put a lot of thought into it. Windows 11 is the latest version of Microsoft's operating system, and whether a device can run it largely depends on its hardware specifications. As such, it is not offered to every Windows user through the operating system's update feature.

Malicious actors have taken advantage of this fact by registering new domains that pose as Microsoft. In this particular case, researchers noticed the windows-upgraded.com domain, which closely resembles an official Microsoft website. While this one has since been taken down, there are probably considerably more waiting to be discovered.

Wide deployment phase

Researchers also point out that the attackers timed their campaign well: Microsoft recently announced that it had entered the "wide deployment phase," in which Windows 11 is offered to anyone with an eligible device via Windows Update.

Anyone who ends up downloading files from these fake sites will receive an 11 MB ZIP file called "Windows11InstallationAssistant.zip", pulled from a Discord CDN.

Instead of a Windows 11 installer, victims will receive RedLine Stealer, a malware that harvests browsers for saved passwords, autofill data, credit card information, and more.

The malware also runs a system inventory, collecting information such as the username, location data, hardware configuration, and details of any security software installed on the device.

Newer versions are also capable of stealing cryptocurrency wallet information and of targeting FTP and IM clients. The malware can upload and download files, execute commands, and communicate with its C2 server.

Via: BleepingComputer