According to researchers, the fake upgrade injects malware onto Windows-based devices and steals crypto wallets and browsing data.

CloudSEK security researchers have discovered a fake Windows 11 update website that would seem pretty convincing to unsuspecting users. The website offers the visitors a free Windows 11 installation for PCs not meeting the operating system’s minimum specifications. However, it actually installs a data stealer.

For your information, Windows 11 comes with a handsome set of requirements, the most famous one being that the system must support Trusted Platform Module version 2.0 (TPM 2.0). This is why even powerful computers and laptops have become incompatible with Win 11. This has led to a rise in malicious campaigns luring people to fake websites like this one.

How to Identify Fake Website

Since people are looking for ways to circumnavigate TPM 2.0 so that their PCs meet Windows 11 requirements, in the campaign identified by CloudSEK researchers, the website looks genuine, but when examined closely, they learned that the site URL wasn’t an authentic Microsoft address and was just designed in a way to look like a genuine Microsoft website with official logos and artwork.

Beware of Fake Windows 11 Update Delivering Malware
Fake Windows 11 Update Website (Image: CloudSEK via Bleeping Computer)

Moreover, researchers discovered that when they clicked the Download Now button, the site downloaded an ISO file containing malware instead of the Windows 11 upgrade.

Details of the Malware

The fake Microsoft website, according to Bleeping Computer, delivers Inno Stealer malware. The malicious software uses a portion of the Windows installer for creating temporary files on the infected device.

Later, it produces processes that execute and store four additional files on the system. Some of these files contain specially designed scripts to disable vital security features like the Windows registry.

Furthermore, they tweak Windows’ default anti-virus software, Windows Defender, and can also delete security products from ESET and Emisoft.

Moreover, files can run commands at the highest system privileges. One of the files created in the C:Users\AppDataRoamingWindows11InstallationAssistant folder contains the data-stealing code titled Windows11InstallationAssistant.scr and takes information from web browsers, stored passwords, other PC files, and cryptocurrency wallets. The stolen data is transmitted to those operating this fake website.

How to Stay Safe?

You may be desperate to install Windows 11 and frustrated that your system doesn’t support this OS; remember to download ISO files only from sites or sources you are 100% sure are legitimate. Scammers are getting highly precise with creating fake websites to make them appear legit, so you should focus on tell-tale signs like the web address.

Moreover, if your device meets Windows 11 compatibility requirements, you will be alerted through the built-in Windows Update feature. That’s the safest way to install a genuine Win 11 update.

More Windows Malware News

  1. LodaRAT Windows malware now hunting Android devices
  2. PyMICROPSIA Windows malware steals browsing data, records audio
  3. New malware mimics Windows scanner to infect PCs with ransomware
  4. New malware in pirated games disables Windows Updates and Defender
  5. Hundreds of Android apps on the Play Store infected with Windows malware

Posted by Charlie