
Russian hackers distribute malware-ridden Windows 11 installer to unsuspecting users

Don't get caught out by this trick.

Updated: Feb 10, 2022 12:58 pm

Windows 11 is slowly being rolled out across the Microsoft ecosystem, and with tonnes of adverts, articles and other coverage, people are starting to understand that a new version of Windows has finally arrived. Unfortunately, this word of mouth also brings opportunities for hackers. As reported by PCMag, a malicious version of the Windows 11 installer was first flagged by HP.

HP states: ‘On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, we noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer.’

When looking into the domain of the malicious website, HP discovered that it was registered to an organization based in Moscow. Furthermore, the design of the website apes the official Windows 11 upgrade website and could easily mislead users into downloading the malicious package, which was being hosted on Discord, of all things.

[Image: the fake Windows 11 installer website, from HP.]

What malware is being distributed?

The site works by getting you to download a fake version of the Windows 11 installer, which instead infects your PC with a trojan named RedLine Stealer. This type of malware is able to skim data from your browsers, such as saved passwords, credit card information and much more. It can be incredibly harmful: it can be used to upload and download files, in addition to executing commands, which could potentially harm your entire system, or even destroy your device entirely, if the hacker chooses to do so.

The malware is available on a subscription basis to nefarious customers on underground forums and can be used in many different applications, which is why the attackers chose to build their package around it.

You might not need to worry too much, as the website has since been taken down. Still, it was a timely attack on something that many people might have been predisposed to click on, especially since Microsoft is encouraging everyone to upgrade at once. And just because the site is down doesn’t mean that you can let your guard down when browsing or downloading files online.

These hacks are becoming more sophisticated than ever, and with the value of your data soaring in legal and illegal channels alike, these attacks are likely to continue to proliferate, appearing as something innocent but ultimately leading to something potentially disastrous. If you’re wary of attackers getting into your system and being able to do pretty much whatever they want with your system. HP points out that there was previously a similar style of hack, but it was used for a malicious installation of Discord instead. Regardless, we should thank the workers who battle every day to keep our internet safe against malicious forces.

This is likely not the last hack of this kind that we’ll see targeted around Windows 11, so be sure that you keep your wits about you while browsing the web.

