Watch out for malicious Windows 11 installers. Microsoft’s recent decision to expand Windows 11 to more PCs has inspired at least one hacker to exploit the software’s rollout.
On Tuesday, HP reported a fake Windows 11 installer that’ll deliver malware to a victim’s PC. The company spotted the scheme after noticing the curious “windows-upgraded[.]com” domain.
According to HP, the domain was created a day after Microsoft announced it was entering the final stage of delivering Windows 11 to eligible PCs. The fake domain was dressed up to look like an official Windows 11 site, and included a "download" button. However, the download is actually a Trojan capable of stealing passwords and other data from a PC’s web browser.
The malicious Windows 11 download arrives as a 1.5MB ZIP file named “Windows11InstallationAssistant.” But when unzipped, it will expand to 753MB in size due to the hacker deliberately “padding” the file's computer code.
“One reason why the attackers might have inserted such a filler area, making the file very large, is that files of this size might not be scanned by an antivirus and other scanning controls, thereby increasing the chances the file can execute unhindered and install the malware,” HP says.
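A defender can spot this kind of padding without extracting the archive, because the ZIP directory records both the compressed and uncompressed size of each member. The following Python check is an added example, not code from HP or the original article; the thresholds, function names and the constructed sample archive are assumptions.

```python
import io
import zipfile

# Assumed thresholds (not from the article); tune them to your own scanning limits.
MIN_RATIO = 50                       # uncompressed/compressed ratio treated as suspicious
MAX_SCAN_BYTES = 100 * 1024 * 1024   # hypothetical size above which a scanner skips files
EXEC_EXT = (".exe", ".dll", ".scr", ".msi")


def inspect_zip(data, min_ratio=MIN_RATIO, max_scan_bytes=MAX_SCAN_BYTES):
    """Flag archive members that look padded, using only the sizes in the ZIP directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # The article's sample (1.5MB zipped, 753MB unzipped) is roughly 500:1.
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if ratio >= min_ratio:
                reasons.append("high_ratio")
            if info.file_size > max_scan_bytes:
                reasons.append("exceeds_scan_limit")
            if reasons and info.filename.lower().endswith(EXEC_EXT):
                reasons.append("executable")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "compressed": info.compress_size,
                                 "ratio": round(ratio), "reasons": reasons})
    return findings


def build_sample(pad_bytes):
    """Constructed, harmless sample: a short stub followed by identical filler bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Setup.exe", b"MZ constructed stub" + b"0" * pad_bytes)
        zf.writestr("readme.txt", b"ordinary text file, barely compressible at this size")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(5 * 1024 * 1024)   # 5MB of filler, a few KB once zipped
    print(f"archive size: {len(sample)} bytes")
    for hit in inspect_zip(sample):
        print(hit)
```

Members flagged this way are candidates for full extraction and scanning in an environment without the size cutoff, rather than being waved through.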
If the malicious Windows 11 installer is executed, it’ll download a malware package called RedLine Stealer, which cybercriminals can buy in underground forums and use to steal passwords and auto-complete data, such as credit card numbers, from browsers.
The site “windows-upgraded[.]com” is no longer online. But we wouldn’t be surprised if other scammers try similar schemes to spread malware to those looking to download Windows 11.
Microsoft is currently working to roll out Windows 11 as a free upgrade to