Fake Windows website dropped Redline malware as Windows 11 upgrade

The domain name used by the threat actors in this campaign was convincing enough to trick users into downloading a fake Windows installer that led to a malware infection.

A fake Microsoft website claiming to offer the official version of the newly released Windows 11 operating system was caught delivering malware, according to researchers.

HP’s Threat Research team has disclosed a new scam in which attackers copied the design of the authentic Windows 11 website to distribute RedLine Stealer. The fake website was identified on 27 January 2022, just a day after Microsoft announced the final phase of the Windows 11 upgrade rollout.

According to HP’s researchers, the fake website is highly convincing. A threat actor registered the domain windows-upgraded[.]com and used it to spread malware by luring visitors into downloading and running a fake installer.

Homepage of the fake Windows 11 upgrade site (Image: HP)

Although the website appeared to offer a Windows 11 upgrade from Microsoft, the difference between the legitimate and rogue versions is that on the rogue site, clicking the Download Now button does not fetch the authentic software (the genuine Installation Assistant is a signed executable served from microsoft.com); instead it downloads a dubious 1.5 MB ZIP archive named Windows11InstallationAssistant.zip.
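The two tells in that description, a brand-word domain that Microsoft does not own and an installer-named archive fetched from it, are what a SOC analyst would hunt for in web proxy logs. The following is an added example written for this page, not code from the article or from HP's report. It assumes a simple space-separated proxy log format (timestamp, client IP, method, URL, status, bytes) and a short allowlist of Microsoft-owned domains; the log lines are constructed for the example.

```python
"""Flag Windows 11 installer lures in web proxy logs (added example)."""
import re
from urllib.parse import urlparse

# Assumption: domains under which a genuine Windows 11 installer is served.
MICROSOFT_DOMAINS = ("microsoft.com", "windows.com", "windowsupdate.com")

# Brand words a lookalike domain reuses to look authentic.
LURE_WORDS = ("windows", "microsoft")

# File names that resemble the real Windows 11 Installation Assistant.
INSTALLER_RE = re.compile(r"windows11.*\.(zip|exe|msi)$", re.IGNORECASE)

# Constructed sample log lines: timestamp, client IP, method, URL, status, bytes.
SAMPLE_LOGS = [
    "2022-01-27T10:14:50Z 10.0.0.5 GET https://www.microsoft.com/en-us/software-download/windows11 200 4821",
    "2022-01-27T10:15:02Z 10.0.0.5 GET https://download.microsoft.com/download/Windows11InstallationAssistant.exe 200 4014880",
    "2022-01-27T10:20:11Z 10.0.0.9 GET https://windows-upgraded.com/ 200 12003",
    "2022-01-27T10:20:35Z 10.0.0.9 GET https://windows-upgraded.com/Windows11InstallationAssistant.zip 200 1572864",
    "2022-01-27T11:02:07Z 10.0.0.12 GET https://example.org/Windows11InstallationAssistant.zip 200 1572864",
    "2022-01-27T11:30:44Z 10.0.0.13 GET https://microsoft.com.evil.example/login 200 300",
]


def is_microsoft_host(host: str) -> bool:
    """True only if host is exactly, or a subdomain of, an allowlisted domain.

    Suffix matching on ".<domain>" prevents "microsoft.com.evil.example"
    from passing as Microsoft-owned.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)


def classify(line: str) -> list[str]:
    """Return the reasons a log line is suspicious (empty list if none)."""
    fields = line.split()
    if len(fields) < 4:
        return []
    url = urlparse(fields[3])
    host = url.hostname or ""
    reasons: list[str] = []
    if not is_microsoft_host(host):
        # A brand word in a domain Microsoft does not own is the lookalike tell.
        if any(word in host for word in LURE_WORDS):
            reasons.append(f"lookalike domain: {host}")
        # An installer-named file from anywhere else is the payload tell.
        filename = url.path.rsplit("/", 1)[-1]
        if INSTALLER_RE.search(filename):
            reasons.append(f"installer-named download from non-Microsoft host: {filename}")
    return reasons


def scan(lines) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every suspicious line in the input."""
    return [(line, reasons) for line in lines if (reasons := classify(line))]


if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOGS):
        print(line.split()[3])
        for reason in reasons:
            print("   ", reason)
```

Run over the constructed lines, the two genuine microsoft.com requests pass, while the lookalike homepage, the ZIP fetched from it, the same ZIP name from an unrelated host, and the suffix-trick domain are each flagged. The allowlist is deliberately short; in production it should come from your own inventory of sanctioned download sources rather than a hard-coded tuple.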

The HP security team decompressed the archive and discovered a

Read More: https://www.hackread.com/fake-windows-website-redline-malware-windows-11/