Friday, May 27 2022
Windows 11 update

The fake website page looks identical to this one.
Picture: Microsoft

What should be a simple process of updating your PC to Windows 11 becomes a minefield planted with nasty malware.

Security researchers at CloudSEK informed BleepingComputer of a fake Windows 11 upgrade website that pushes malware onto Windows PCs to steal browsing data and cryptocurrency wallets.

The website, which remains active, resembles a Microsoft website, with the company’s official logos, banners, fonts and graphics. But instead of helping you through the upgrade process, this convincing scam preys on unsuspecting Windows users who discover it in search engine results. When a user takes the bait, usually while looking for ways to install the new operating system on a machine that does not meet its new requirements, such as having a TPM, the unsafe website pushes an ISO file that contains malware.

The bad actors behind this threat campaign use mysterious malware that researchers call “Inno Stealer”. Once active, the malware plants a pair of files that disable various Windows security measures, including those in the registry. They also remove software from antivirus companies Emsisoft and ESET.

Once the malware clears all potential obstacles, another downloaded file runs as a utility with the highest system privileges, while a fourth, with a “.SCR” extension, is dropped into the AppData\Roaming\Windows11InstallationAssistant folder under C:\Users on the compromised Windows device.

This is where the horror begins. This file launches its payload by creating a new process called “Windows11InstallationAssistant.scr”. This executable is capable of collecting web browser cookies and stored usernames and passwords, data in cryptocurrency wallets, and file system data. Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser and Comodo are some of the browsers and wallets vulnerable to attack.

This stolen data is then copied via a PowerShell command, encrypted, and ultimately sent to the malware creator. Additional payloads, delivered as TXT files and run overnight (when users are not active), can obtain clipboard information and directory enumeration data.
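Defenders can hunt for the dropped “.SCR” file and the process it spawns in process-creation telemetry. The Python below is an added example, not code from CloudSEK or from this article; the event schema, host names and sample events are constructed assumptions, and it goes beyond the article by also flagging any .scr image launched from AppData\Roaming.

```python
import json
from pathlib import PureWindowsPath

# Artifact names as reported in the article (compared case-insensitively).
IOC_DIR = "windows11installationassistant"
IOC_PROCESS = "windows11installationassistant.scr"

# Constructed process-creation events; "host" and "image" are an assumed schema.
SAMPLE_EVENTS = r"""
{"host": "pc-01", "image": "C:\\Users\\alice\\AppData\\Roaming\\Windows11InstallationAssistant\\Windows11InstallationAssistant.scr"}
{"host": "pc-02", "image": "C:\\Windows\\System32\\scrnsave.scr"}
{"host": "pc-03", "image": "C:\\Users\\bob\\AppData\\Roaming\\Updater\\setup.scr"}
{"host": "pc-04", "image": "D:\\Temp\\Windows11InstallationAssistant.scr"}
{"host": "pc-05", "image": "C:\\Users\\carol\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe"}
this line is not JSON and must be skipped
"""

def classify(image):
    """Return the reason a process image is suspicious, or None if it is not."""
    path = PureWindowsPath(image)
    dirs = [part.lower() for part in path.parts[:-1]]
    in_roaming = any(a == "appdata" and b == "roaming"
                     for a, b in zip(dirs, dirs[1:]))
    if in_roaming and IOC_DIR in dirs:
        return "ioc-path"          # folder named in the article
    if path.name.lower() == IOC_PROCESS:
        return "ioc-name"          # process name from the article, any location
    if in_roaming and path.suffix.lower() == ".scr":
        return "scr-from-roaming"  # generic heuristic: screensaver run from a profile
    return None

def scan(lines):
    """Return (host, reason) for every event whose image is flagged."""
    hits = []
    for line in lines.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        reason = classify(event.get("image", ""))
        if reason:
            hits.append((event.get("host"), reason))
    return hits

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_EVENTS):
        print(host, reason)
```

The legitimate screensaver in System32 and ordinary executables under AppData\Roaming are not flagged, which keeps the generic rule usable on real endpoints.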

Security researchers who discovered this troubling threat claim that the malware does not contain code similar to any other they have seen. However, enticing users with promises of upgrading to Windows 11 is not a new approach. Last year, just as Microsoft announced the widespread rollout of Windows 11, HP cybersecurity researchers discovered fake Windows 11 installers that could push malware onto systems and grab passwords, browser cookies, credit card and cryptocurrency wallet information.

To avoid such malicious ISO files, we strongly recommend that you only update your system to Windows 11 using proven channels, namely Microsoft’s official Windows 11 update site and the “Windows Update” settings in your Control Panel.

It’s easier said than done. More than half of scanned PCs do not meet the system requirements for Windows 11, according to IT asset management platform provider Lansweeper (via Computerworld). As a result, users search for alternative options, the type of search that might bring up dangerous results. Our advice remains the same: if an upgrade isn’t available for your PC, fight the urge to sift through unofficial channels for a workaround; you might end up doing more harm than good.
