A New Fake Windows 11 Installer Is Making The Rounds

Windows 11 is “the new hotness” from Microsoft, and that means you need to watch your back: there are fake Windows 11 installers out there that will pwn your computer. The latest one was discovered by HP and outlined on their Threat Research Blog:

Threat actors are always looking for topical lures to socially engineer victims into infecting systems. We recently analyzed one such lure, namely a fake Windows 11 installer. On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, we noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer. The domain caught our attention because it was newly registered, imitated a legitimate brand and took advantage of a recent announcement. The threat actor used this domain to distribute RedLine Stealer, an information stealing malware family that is widely advertised for sale within underground forums.

Now the RedLine Stealer malware is pretty deadly. As far as I am aware, it is currently the most widely deployed grabber of passwords, browser cookies, credit card data, and cryptocurrency wallet info, so its infections can have dire consequences for the victims.

My advice is that if you’re looking for Windows 11, and you qualify for an upgrade because you have the right hardware, simply wait for it to hit your PC. If you don’t qualify for an upgrade because you don’t have the right hardware, don’t try to find a “hack” or something similar to get it on your computer as that may end badly for you.

UPDATE: Saryu Nayyar, CEO and Founder of Gurucul, had this to say:

“Attackers can be extremely effective using commodity malware for their efforts. This shows that a threat actor doesn’t need to be sophisticated to be successful. It also shows that an initial compromise and foothold in an organization is almost impossible to defend against. Organizations must focus on improved and more advanced analytics for faster detection of threats. Behavioral modeling and analytics would especially be useful here as it could determine that an unusual domain was being communicated with and a zip archive was being downloaded that would be labeled as abnormal or suspicious activity. In addition, any harvesting of credentials and sensitive data being exfiltrated would also be a potential red flag. However, this does require a combination of non-rule-based machine learning to identify newer variances to the attack and also being able to categorize and escalate suspicious security events into a known attack campaign so that security teams can respond before damage is incurred, in this case continuous theft of credentials over time.”
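To make the detection idea in that quote concrete, here is an added example (my own code, not HP's or Gurucul's) that scores constructed proxy log lines for the three signals the HP write-up called out: a brand-lookalike domain, a very recent registration date, and an archive download. The log lines, the registration dates and the allowlist of brand-owned zones are all assumptions embedded inline so the script runs offline; in practice the dates would come from a WHOIS/RDAP lookup and the allowlist from your own inventory.

```python
from datetime import date, datetime

# Constructed sample proxy log lines (date, user, host, path, bytes); not taken from the HP report.
SAMPLE_LOG = """\
2022-01-28 alice www.microsoft.com /software-download/windows11 4096
2022-01-28 bob windows-upgraded.com /Windows11InstallationAssistant.zip 1523712
2022-01-28 carol update.microsoft.com /catalog 2048
2022-01-29 dave windows-upgraded.com /c2/gate 512
"""

# Constructed registration dates standing in for a WHOIS/RDAP lookup (assumed, not real records).
DOMAIN_REGISTERED = {
    "windows-upgraded.com": date(2022, 1, 27),
    "microsoft.com": date(1991, 5, 2),
}

BRAND_TOKENS = ("windows", "microsoft")
BRAND_OWNED_ZONES = ("microsoft.com",)   # assumed allowlist of zones the brand really owns
NEW_DOMAIN_DAYS = 30                     # "newly registered" threshold, a tunable assumption
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".iso")

def registrable_domain(host):
    """Collapse a hostname to its last two labels (fine for .com; real code needs the PSL)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_brand_lookalike(host):
    """True when the name borrows a brand token but is not under a zone the brand owns."""
    h = host.lower()
    if any(registrable_domain(h) == z or h.endswith("." + z) for z in BRAND_OWNED_ZONES):
        return False
    return any(tok in h for tok in BRAND_TOKENS)

def domain_age_days(host, as_of):
    reg = DOMAIN_REGISTERED.get(registrable_domain(host))
    return None if reg is None else (as_of - reg).days

def score_request(day, host, path):
    """Return the reasons one request resembles a lookalike-domain lure like windows-upgraded[.]com."""
    reasons = []
    if is_brand_lookalike(host):
        reasons.append("brand lookalike domain")
    age = domain_age_days(host, day)
    if age is not None and age <= NEW_DOMAIN_DAYS:
        reasons.append(f"domain registered {age} day(s) ago")
    if path.lower().endswith(ARCHIVE_EXTS):
        reasons.append("archive download")
    return reasons

def flag_requests(log_text):
    """Flag requests to a lookalike domain that is also newly registered or serving an archive."""
    flagged = []
    for line in log_text.splitlines():
        day_s, user, host, path, _ = line.split()
        reasons = score_request(datetime.strptime(day_s, "%Y-%m-%d").date(), host, path)
        if "brand lookalike domain" in reasons and len(reasons) >= 2:
            flagged.append((user, host, reasons))
    return flagged
```

Running `flag_requests(SAMPLE_LOG)` flags bob's archive download and dave's later request to the same fresh domain, while the two requests to genuine Microsoft hosts produce no alert.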
