What should be a simple process of updating your PC to Windows 11 becomes a minefield planted with nasty malware.
The website, which remains active, mimics a Microsoft site, complete with the company’s official logos, banners, fonts and graphics. But instead of guiding you through the upgrade, this convincing lure preys on unsuspecting Windows users who find it in search engine results. Users typically take the bait while looking for ways to install the new OS on hardware that does not meet its new requirements, such as the need for a TPM; the malicious site then pushes an ISO file containing malware.
The bad actors behind this campaign use previously unseen malware that researchers call “Inno Stealer”. Once active, the malware drops a pair of files that disable various Windows security measures, including settings in the registry. They also remove security software from the antivirus vendors Emsisoft and ESET.
Once the malware clears all potential obstacles, another downloaded file runs as a utility with the highest system privileges, while a fourth file with a “.SCR” extension is dropped into C:\Users\<user>\AppData\Roaming\Windows11InstallationAssistant on the compromised Windows device.
This is where the real damage begins. This file launches its payload by creating a new process called “Windows11InstallationAssistant.scr”. The executable is capable of collecting web browser cookies and stored usernames and passwords, data from cryptocurrency wallets, and file system data. Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser and Comodo are among the browsers and wallets targeted.
The stolen data is then passed to a PowerShell command, encrypted, and finally sent to the malware operator. Additional payloads, delivered as TXT files and run overnight when users are not active, can capture clipboard contents and enumerate directories.
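The behaviour described above leaves a recognisable trail in process-creation telemetry: a “.scr” executable starting from a per-user AppData\Roaming folder named Windows11InstallationAssistant, followed by a PowerShell child process. The following Python script is an added example, not code from the article or from the researchers who analysed Inno Stealer. It assumes Sysmon/EDR-style fields (image path, parent image path, command line); the sample events, including the user name “alice” and the parent installer path, are constructed for illustration.

```python
"""Flag process-creation events consistent with the Inno Stealer chain:
a .scr payload launched from %APPDATA%\\Windows11InstallationAssistant
and a PowerShell process spawned by it. Added example; event field names
(image, parent_image, command_line) are an assumed Sysmon/EDR-like layout."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Per-user Roaming AppData prefix, e.g. C:\Users\alice\AppData\Roaming\
APPDATA_ROAMING = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\", re.IGNORECASE)
# Drop directory named in the article
DROP_DIR = "windows11installationassistant"
POWERSHELL_NAMES = ("powershell.exe", "pwsh.exe")


@dataclass
class ProcEvent:
    image: str          # full path of the newly created process
    parent_image: str   # full path of the parent process
    command_line: str   # command line of the new process


def basename(path: str) -> str:
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def scr_from_appdata(image: str) -> bool:
    """True when a .scr executable starts from a user's AppData\\Roaming tree.
    Legitimate screensavers live under C:\\Windows\\System32, so this alone
    is already a strong signal."""
    return image.lower().endswith(".scr") and APPDATA_ROAMING.match(image) is not None


def in_drop_dir(path: str) -> bool:
    """True when the path contains the Windows11InstallationAssistant directory."""
    return DROP_DIR in path.lower().split("\\")


def powershell_from_scr(event: ProcEvent) -> bool:
    """True when PowerShell is spawned by a .scr parent inside the drop directory
    (the article describes PowerShell being used to package the stolen data)."""
    return (
        basename(event.image) in POWERSHELL_NAMES
        and scr_from_appdata(event.parent_image)
        and in_drop_dir(event.parent_image)
    )


def analyze(events: List[ProcEvent]) -> List[Tuple[str, str]]:
    """Return (finding_kind, detail) pairs for every suspicious event."""
    findings: List[Tuple[str, str]] = []
    for e in events:
        if scr_from_appdata(e.image):
            kind = "scr_in_drop_dir" if in_drop_dir(e.image) else "scr_from_appdata"
            findings.append((kind, e.image))
        if powershell_from_scr(e):
            findings.append(("powershell_from_scr", e.command_line))
    return findings


# Constructed sample telemetry: two benign events, then the two-step chain.
DROPPED_SCR = r"C:\Users\alice\AppData\Roaming\Windows11InstallationAssistant\Windows11InstallationAssistant.scr"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
    # A genuine screensaver from System32 must not be flagged.
    ProcEvent(r"C:\Windows\System32\ssText3d.scr", r"C:\Windows\System32\winlogon.exe", "ssText3d.scr /s"),
    ProcEvent(DROPPED_SCR, r"C:\Users\alice\Downloads\Windows11Upgrade.exe", "Windows11InstallationAssistant.scr"),
    ProcEvent(
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        DROPPED_SCR,
        "powershell.exe -NoProfile -EncodedCommand <constructed-placeholder>",
    ),
]

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_EVENTS):
        print(f"[{kind}] {detail}")
```

Running the script reports the dropped “.scr” and the PowerShell child it spawned, while leaving Notepad and the System32 screensaver alone. In production the same two predicates map directly onto a SIEM rule over Sysmon Event ID 1 or an equivalent EDR process-start event.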
The security researchers who discovered this threat say the malware contains no code resembling anything they have seen before. Enticing users with the promise of a Windows 11 upgrade, however, is not a new approach. Last year, just as Microsoft announced the broad rollout of Windows 11, HP security researchers found fake Windows 11 installers that could push malware onto systems and steal passwords, browser cookies, credit card details and cryptocurrency wallet information.
To avoid such malicious ISO files, we strongly recommend updating your system to Windows 11 only through trusted channels, namely Microsoft’s official Windows 11 update site and the “Windows Update” settings on your PC.
That is easier said than done. More than half of the PCs analysed do not meet Windows 11’s requirements, according to IT asset management platform provider Sweeper (via Computerworld). As a result, users go looking for alternatives, and that is exactly the kind of search that can surface dangerous results. Our advice remains the same: if an upgrade isn’t offered for your PC, resist the urge to trawl unofficial channels for a workaround. You may end up doing more harm than good.