Beware: Fake Windows 11 Installer Steals Credit Cards and Cryptocurrency Wallet Passwords

Experts have discovered malware that, when downloaded, pretends to be a Windows 11 installer. Once opened, your computer is infected with malware known as RedLine Stealer, which collects data such as credit card information, passwords, and even data needed for cryptocurrency wallets.

The HP Threat Research Team shared a report detailing the security threat on February 8, 2022. While evaluating the problem, the company’s experts found that the malicious file is being distributed through a website that is very similar to the official Microsoft Windows 11 page. When users clicked the download button on the website, the file hosted on the Discord file sharing system was saved to their PC.

HP explains that its research team first noticed the windows-upgrade.com domain registration just a day after the Windows 11 final upgrade was announced. The registration led experts to a website set up to distribute malware that tricked users into run a fake Windows 11 installer. When clicked, the website downloaded a zip file named Windows11InstallationAssistant.zip to the user’s computer. The compressed file is only 1.5MB, according to HP; it contains six Windows DLL files, a portable executable, and an XML file. Once activated, the executable downloads and installs RedLine Stealer on the user’s PC.

This software is able to collect any information about the software and hardware of the current system. It copies any saved passwords from browsers, as well as autofill data for credit or debit cards. Thus, it is one of the most dangerous types of malware.

Experts recommend making sure you only use official download sources for any new software.