I'm not the type to buy into conspiracy theories, but ever since Apple proved that people will accept someone else being in complete control of your device, and the money spend on it, everyone has wanted a slice of that pie. In fact, this is very likely already happening in the wild. The site appears like a genuine Microsoft site and, if the visitor clicked on the 'Download Now' button, they received a 1.5 MB ZIP archive named "Windows11InstallationAssistant.zip," fetched directly from a Discord CDN.Īlthough the distribution site is down now, nothing stops the actors from setting up a new domain and restarting their campaign. RedLine stealer is currently the most widely deployed password, browser cookies, credit card, and cryptocurrency wallet info grabber, so its infections can have dire consequences for the victims.Īccording to researchers at HP, who have spotted this campaign, the actors used the seemingly legitimate "" domain for the malware distribution part of their campaign.
The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success. "Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware." Bleeping Computer advises, ".these dangerous sites are promoted via forum and social media posts or instant messages, so don't trust anything but the official Windows upgrade system alerts."īleeping Computer points out that hardware incompatibilities rule out upgrades for many Windows 10 users from official distribution channels - "something that malware operators see as an excellent opportunity for finding new victims."
Beware fake Windows 11 upgrades install RedLine malware, reports Bleeping Computer.
0 kommentar(er)
