Beware: This ‘Windows 11 Update Site’ Can Steal Your Sensitive Information


This is because Windows 11 was not open to the public at the time, but only to Insiders, who were generally more tech-savvy and more security-conscious. However, Windows 11 has since been made available to the masses, with plans for an accelerated rollout, so the situation is more nuanced now.

The new malware campaign was discovered by the HP Threat Research Team after they noticed a fake website that looked like Microsoft’s but was actually distributing files containing the RedLine stealer malware.

The site is “windows-upgraded[.com]”, and as you can see from the image below, its layout closely mimics Microsoft’s own, so anyone who isn’t paying attention may easily take it for the real thing.

When someone clicks the “Download Now” button, a 1.5MB compressed package called “Windows11InstallationAssistant.zip” is downloaded. What caught HP’s attention is that decompressing this mere 1.5MB file produced a 753MB folder, a compression ratio of 99.8%.
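A ratio that extreme usually means the executable has been padded with megabytes of filler so that the final file exceeds the size limits of many antivirus scanners. The following is an added example, not HP’s tooling or anything from the campaign: it reads only the zip’s central directory (nothing is extracted) and flags members whose compressed size is below 1% of their uncompressed size. The archive it inspects is constructed inline for the demonstration.

```python
import io
import zipfile

# Flag any member compressed by 99% or more (the campaign's zip was 99.8%).
RATIO_THRESHOLD = 0.99


def compression_ratio(compressed: int, uncompressed: int) -> float:
    """Fraction of bytes removed by compression (0.0 = none, 0.998 = 99.8%)."""
    if uncompressed == 0:
        return 0.0
    return 1.0 - compressed / uncompressed


def suspicious_members(zip_bytes: bytes, threshold: float = RATIO_THRESHOLD):
    """Return (name, compressed, uncompressed, ratio) for over-compressed members.

    Only the central directory is consulted, so a padded payload is never
    written to disk just to measure it.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            ratio = compression_ratio(info.compress_size, info.file_size)
            if ratio >= threshold:
                findings.append((info.filename, info.compress_size, info.file_size, ratio))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: a small text file plus a fake 'installer'
    whose body is 8 MB of zero padding, the pattern that inflates a tiny
    download into a huge file on disk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "Windows 11 Installation Assistant\n")
        padded = b"MZ" + b"\x00" * (8 * 1024 * 1024)
        zf.writestr("Windows11InstallationAssistant.exe", padded)
    return buf.getvalue()


if __name__ == "__main__":
    for name, c, u, r in suspicious_members(build_sample_zip()):
        print(f"{name}: {c} -> {u} bytes ({r:.1%} removed by compression)")
```

Running it flags only the padded executable; the README compresses normally and is left alone.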

After reverse-engineering the contents of the package, HP found that the fake Windows 11 installer delivered a RedLine stealer payload, which, as the name suggests, is capable of stealing sensitive information such as passwords and other credentials.
