HP security experts have uncovered a deceptive Microsoft-branded website offering to download a pseudo-update to Windows 11 that hides dangerous personal data-stealing malware.

As we know, hackers and scammers never lack imagination when it comes to deceiving their victims. HP has just provided fresh proof of this: its security experts have discovered a method for distributing malware that is as original as it is effective. As they explain in a very detailed post published on their blog, researchers from HP Threat Research noticed that a rather peculiar domain name had been registered at the end of January, in the name of a mysterious organization located in Russia.

Domain name: windows-upgraded.com
Creation date: 2022-01-27T10:06:46Z
Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
Registrant organization: Ozil Verfig
Registrant state/province: Moscow
Registrant country: RU

In practice, the URL leads to a website that faithfully copies all of Microsoft’s visual branding and simply offers to upgrade to Windows 11. You could believe you were on an official site, if you didn’t pay attention to the address. Except that a click on the Download Now button downloads a Zip archive (Windows11InstallationAssistant.zip). Extracting this apparently legitimate archive sets off a chain of actions that ends with a well-known piece of malware, RedLine Stealer (or RedLine for short), which has been circulating since December 2021 and which specializes in stealing confidential data (usernames, passwords, bank card numbers and codes, etc.). Once the PC is infected, RedLine also takes a detailed inventory of the system (username, hardware configuration, location data, etc.) and steals any cryptocurrency the victim holds.
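A defender-side check for the pattern described above (a non-Microsoft host carrying the brand name, registered only days earlier, serving a Windows-installer-style archive), written as an added Python example that is not part of HP's post or this article. The allowlist, the second creation date and the reference time are assumed or constructed values; only the windows-upgraded.com creation date comes from the registration record quoted above.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse
# Assumption: an allowlist, maintained by the defender, of domains Microsoft
# really uses for Windows downloads. Extend it for your environment.
MICROSOFT_DOMAINS = {"microsoft.com", "windowsupdate.com"}
BRAND_WORDS = ("microsoft", "windows", "office", "upgrade")
# Constructed WHOIS creation dates keyed by registered domain; the first is
# the value quoted in the article, the second a placeholder.
CREATION_DATES = {
    "windows-upgraded.com": "2022-01-27T10:06:46Z",
    "microsoft.com": "1991-05-02T00:00:00Z",
}
NOW = datetime(2022, 2, 15, tzinfo=timezone.utc)  # constructed reference time

def registered_domain(host):
    """Last two labels of a hostname; adequate for .com/.net style TLDs."""
    return ".".join(host.lower().split(".")[-2:])

def domain_age_days(host, now):
    """Days since WHOIS creation, or None when the domain is unknown."""
    created = CREATION_DATES.get(registered_domain(host))
    if created is None:
        return None
    dt = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
    return (now - dt.replace(tzinfo=timezone.utc)).days

def assess_download(url, now=NOW):
    """Return the reasons a URL looks like a lookalike-site lure ([] if none)."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if registered_domain(host) in MICROSOFT_DOMAINS:
        return []
    reasons = []
    if any(w in host for w in BRAND_WORDS):
        reasons.append("brand keyword in a non-Microsoft host")
    age = domain_age_days(host, now)
    if age is not None and age < 30:
        reasons.append(f"domain registered only {age} days ago")
    path = parsed.path.lower()
    if re.search(r"\.(zip|exe|msi)$", path) and re.search(r"windows|install", path):
        reasons.append("Windows-installer-style archive from a non-Microsoft host")
    return reasons

SAMPLE_LOG = (  # constructed proxy-log URLs to run the check over
    "https://www.microsoft.com/en-us/software-download/windows11",
    "https://windows-upgraded.com/Windows11InstallationAssistant.zip",
    "https://example.org/reports/q1.zip",
)

def scan_log(urls, now=NOW):
    return {u: assess_download(u, now) for u in urls}
```

Only the lookalike URL is flagged; the genuine Microsoft download page is allowlisted and the unrelated archive on example.org triggers none of the three rules.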

Although the impostor site has been taken down since it was exposed, RedLine and the Windows11InstallationAssistant.zip file are still circulating on the Net. And it would not be surprising if they were used in other forms, and by other means, to deceive and rob other users. So be careful. If you’re tempted to upgrade from Windows 10 to Windows 11, check out our how-to sheet and go to Microsoft’s official site. And, in general, always look at the real URL of the site you are visiting in your browser’s address bar. And don’t download anything…
