Windows 11: The HP security team has found a new scam that uses a fake offer to upgrade computers to Windows 11 as bait. The scam was identified on January 27, 2022, the release date of a major operating system update, and has an elaborate dissemination process. It began with the registration of a fake website that copies Microsoft’s visual identity and even has a similar address, but under a domain unrelated to the company.
A user who lands on the page is tricked into clicking the download button and downloading a zipped “update wizard” hosted on a Discord server. A messenger download is another disguise used by the same cybercriminals.
Infects PCs with malware
In fact, the victim is downloading a well-known piece of malware called RedLine Stealer. Heavily marketed on forums, it specializes in stealing information saved in the browser on the infected machine, ranging from documents and login data to cryptocurrency wallets.
To evade antivirus software, the file is larger than 700 MB when extracted but only 1.5 MB in the original .zip file. Its contents are also stored in reverse order, which makes it difficult for security systems to read the DLL files.
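The size mismatch described above (1.5 MB packed, more than 700 MB unpacked, a ratio of roughly 470 to 1) can be seen in the archive's metadata before anything is unpacked. The Python sketch below is an added example, not code from HP's report; the thresholds, the file names and the scaled-down sample archive are constructed assumptions.

```python
import io
import os
import zipfile

# Thresholds are assumptions chosen for illustration, not values from the report.
MAX_RATIO = 100               # unpacked/packed ratio treated as suspicious
MAX_UNPACKED = 100 * 2**20    # unpacked size (100 MiB) treated as suspicious
EXEC_EXT = (".exe", ".dll", ".scr", ".msi")

def inspect_zip(data, max_ratio=MAX_RATIO, max_unpacked=MAX_UNPACKED):
    """Flag executable members that inflate far beyond their packed size.

    Only the ZIP central directory is read; nothing is extracted.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(EXEC_EXT):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if ratio >= max_ratio:
                reasons.append("ratio")
            if info.file_size >= max_unpacked:
                reasons.append("size")
            if reasons:
                findings.append({"name": info.filename,
                                 "unpacked": info.file_size,
                                 "packed": info.compress_size,
                                 "ratio": round(ratio),
                                 "reasons": reasons})
    return findings

def build_sample_zip():
    """Constructed sample: a harmless stub padded with zero bytes (scaled down
    to 8 MiB), an incompressible DLL-named blob and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample_installer.exe",
                    b"MZ" + b"stub" * 64 + b"\x00" * (8 * 2**20))
        zf.writestr("helper.dll", os.urandom(4096))
        zf.writestr("readme.txt", b"constructed sample text\n" * 20)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding)
```

The sizes read here are declared by the archive itself, so a scanner that goes on to extract the file should also enforce a hard byte limit while unpacking.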
Experts say the domain was registered by a person based in Moscow and went offline after the complaint, but similar sites may appear.