
Bad actors hide malware in fake Windows 11 upgrade site

Fake Windows 11 upgrade website spreads malware that steals sensitive information. (Image: Unsplash)
HP Threat Research Blog has reported on a dubious Windows 11 upgrade website that distributes RedLine Stealer malware. Hackers are creating inventive websites such as the fake Windows 11 upgrade site or the similar phoney Discord download site to trick victims into downloading malware. To avoid this, users should ensure that they are downloading from legitimate sites.

HP Threat Research Blog has warned that malicious actors are taking advantage of the recent release of Windows 11 to distribute malware. These bad actors registered the domain, windows-upgrade[.]com, which takes unsuspecting users to a convincing website that masks itself as a legitimate Windows 11 upgrade site. This domain attempts to spread the RedLine Stealer malware, which steals data from a victim's computer and sells it on underground forums.

Clicking the download button on the phoney Windows 11 upgrade site downloads a zip file named Windows11InstallationAssistant, which is hosted on Discord. This zip file has a size of 1.5 MB and expands to 753 MB when decompressed. The zip achieves a staggering compression ratio of 99.8%, possibly due to highly compressible padding. The bad actors may have included this padding because some antivirus products may not scan very large files.
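A defender can screen for this kind of padding before anything is executed. The following added example (not code from HP or from this article) flags zip members that are large once expanded yet almost entirely compressible, then streams them to measure how much is a single repeated byte; the function names, thresholds and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

CHUNK = 1 << 16  # 64 KiB read size (assumed value)

def space_saving(compressed, expanded):
    """Fraction of the expanded size removed by compression (0.998 = 99.8%)."""
    return 1 - compressed / expanded if expanded else 0.0

def padded_fraction(zf, info):
    """Stream one member; return the share of chunks made of one repeated byte."""
    total = uniform = 0
    with zf.open(info) as fh:
        while chunk := fh.read(CHUNK):
            total += 1
            uniform += chunk.count(chunk[0]) == len(chunk)
    return uniform / total if total else 0.0

def audit_zip(fileobj, min_saving=0.99, min_expanded=1 << 20):
    """Flag members that are large once expanded yet almost entirely compressible.

    Thresholds are assumptions for this example, not values from the report.
    """
    findings = []
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            saving = space_saving(info.compress_size, info.file_size)
            if info.file_size >= min_expanded and saving >= min_saving:
                findings.append({
                    "name": info.filename,
                    "expanded": info.file_size,
                    "saving": saving,
                    "padded": padded_fraction(zf, info),
                })
    return findings

def build_sample():
    """Constructed test archive: 4 KiB of random bytes followed by 4 MiB of zeros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("padded_sample.bin", os.urandom(4096) + b"\x00" * (4 << 20))
        zf.writestr("readme.txt", b"ordinary text file\n" * 20)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for f in audit_zip(build_sample()):
        print(f"{f['name']}: {f['expanded']} bytes, "
              f"saving {f['saving']:.1%}, padded {f['padded']:.1%}")
```

The sizes in the first pass come from the archive's own metadata, so the streaming pass is what confirms the padding in the actual data.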

Running Windows11InstallationAssistant.exe launches PowerShell, which downloads the RedLine Stealer. The malware pilfers the victim’s sensitive information such as passwords, bank information, cryptocurrency wallets and the user’s computer information.

This latest attempt to take advantage of recent trends, such as the release of Windows 11, follows similar previous attempts to spread the RedLine Stealer malware, such as when hackers replicated the Discord download page in December 2021. These bad actors frequently distribute malware via fake download sites. Thus, users should only download from trusted websites.


Dubious Windows 11 upgrade website contains RedLine Stealer malware. (Image: HP Threat Research Blog)
Aleem Ali, 2022-02-17 (Update: 2022-02-17)