The domain name used by the threat actors in this campaign was convincing enough to trick users into downloading a fake Windows installer, which led to a malware infection.
A fake Microsoft website claiming to offer the official version of the newly released Windows 11 operating system was caught delivering malware, according to researchers.
HP’s Threat Research team has disclosed a new scam in which attackers copied the design of the authentic Windows 11 website to distribute RedLine Stealer. The fake website was identified on 27 January 2022, just a day after Windows 11’s final phase upgrade was announced.
According to HP’s research department, the fake website is incredibly convincing. Per their research, a threat actor registered the domain windows-upgraded[.]com and used it to spread malware by luring visitors into downloading and installing a fake installer.
Although the website purported to offer Windows 11 upgrades from Microsoft, the difference between the legitimate and scam versions is that on the rogue site, when a user clicks the Download Now button, instead of downloading the authentic software it downloads a dubious 1.5MB ZIP archive titled Windows11InstallationAssistant.zip.
The HP security team decompressed the archive and discovered a