Hacker Circulates Fake, Malware-Laden Windows 11 Installer - PCMag

Watch out for malicious Windows 11 installers. Microsoft's recent decision to expand Windows 11^[1] to more PCs has inspired at least one hacker to exploit the software's rollout. 

On Tuesday, HP reported^[2] a fake Windows 11 installer that'll deliver malware to a victim's PC. The company spotted the scheme after noticing the curious "windows-upgraded[.]com" domain.

According to HP, the domain was created a day after Microsoft announced^[3] it was entering the final stage of delivering Windows 11 to eligible PCs. The fake domain was dressed up to look like an official Windows 11 site, and included a "download" button. However, the download is actually a Trojan^[4] capable of stealing passwords and other data from a PC's web browser.

The malicious Windows 11 download arrives as a 1.5MB ZIP file named "Windows11InstallationAssistant." But when unzipped, it will expand to 753MB in size due to the hacker deliberately "padding^[5]" the file's computer code.

"One reason why the attackers might have inserted such a filler area, making the file very large, is that files of this size might not be scanned by an antivirus and other scanning controls, thereby increasing the chances the file can execute unhindered and install the malware," HP says.

If the malicious Windows 11 installer is executed, it'll download a malware^[6] package called RedLine Stealer^[7], which cybercriminals can buy in underground forums and use to steal passwords and auto-complete data such as credit card numbers from browsers

Recommended by Our Editors

The site "windows-upgraded[.]com" is no longer online. But we wouldn't be surprised if other scammers try similar schemes to spread malware to those looking to download Windows 11.

Microsoft is currently working to roll out Windows 11 as a free upgrade to eligible^[8] Windows 10 PCs. However, the update won't arrive through a download button on a website. Instead, the company plans on delivering it through the Windows Update function, which can be found in the Windows 10 settings panel. You can also choose to install Windows 11 manually. Just make sure you download the installation tool from Microsoft's official site and not from some other source.  Check out our guide^[9] on how to do this.

Like What You're Reading?

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use^[10] and Privacy Policy^[11]. You may unsubscribe from the newsletters at any time.

References

1. ^{^} Windows 11 (www.pcmag.com)
2. ^{^} reported (threatresearch.ext.hp.com)
3. ^{^} announced (www.pcmag.com)
4. ^{^} Trojan (www.pcmag.com)
5. ^{^} padding (www.pcmag.com)
6. ^{^} malware (www.pcmag.com)
7. ^{^} RedLine Stealer (malpedia.caad.fkie.fraunhofer.de)
8. ^{^} eligible (www.pcmag.com)
9. ^{^} guide (www.pcmag.com)
10. ^{^} Terms of Use (www.ziffdavis.com)
11. ^{^} Privacy Policy (www.ziffdavis.com)