Attackers are luring unwary users into downloading a fake Windows 11 installer that carries malicious code which steals browser data and cryptocurrency wallets.
In this still-active campaign, the attackers set up a website that mimics Microsoft’s Windows 11 promotional page, then used SEO poisoning to push the fake site to the top of Google search results.
The fake site uses the same logo and favicon as the official Microsoft page and presents an inviting “Download Now” button. Clicking it serves an ISO file with an information stealer inside. The attackers also configured the site so that the ISO is delivered only to visitors who connect directly; requests arriving through Tor or a VPN do not receive the download, a gating trick that tends to frustrate researchers and automated analysis.
This malware has been analyzed in detail by cybersecurity threat researchers at CloudSEK.
According to CloudSEK, the actor behind this campaign uses a previously unseen piece of malware. The researchers named it “Inno Stealer” because it is delivered through an Inno Setup Windows installer.
The researchers say Inno Stealer shares no code with any currently known stealer, and that no sample had been uploaded to the VirusTotal scanning platform at the time of analysis.
The loader, written in Delphi, is the “Windows 11 setup” executable inside the ISO. When launched, it drops a temporary file named is-PN131.tmp and creates a second .TMP file into which it writes 3,078 KB of data.
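The two artifacts above give a responder something concrete to hunt for on a suspect machine. The script below is an added triage example (not CloudSEK’s or the article’s code): it walks a directory such as %TEMP% and flags Inno Setup-style `is-XXXXX.tmp` entries together with any other .tmp file whose size is close to the reported 3,078 KB. The file-name pattern, the 64 KB size tolerance and the constructed sample directory are assumptions made for the example. Legitimate Inno Setup installers leave the same `is-XXXXX.tmp` entries behind, so hits are leads to correlate with the ISO download and the process that created them, not verdicts.

```python
"""Hunt a directory (typically %TEMP%) for the Inno Setup-style dropper
artifacts described in the CloudSEK write-up on Inno Stealer.

Added example, not CloudSEK's or the article's code. The name pattern,
size tolerance and sample directory are assumptions for illustration.
"""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List

# Inno Setup names its temp directory/file "is-" + 5 alphanumerics + ".tmp"
# (the article's is-PN131.tmp fits this shape).  Assumption: 5-char suffix.
INNO_TMP_RE = re.compile(r"^is-[A-Za-z0-9]{5}\.tmp$", re.IGNORECASE)

# The article reports a second .TMP of 3,078 KB; allow some slack (assumption).
PAYLOAD_KB = 3078
SLACK_KB = 64


@dataclass
class Finding:
    path: str
    size_kb: int
    reason: str


def _size_kb(entry: os.DirEntry) -> int:
    """Size of a file, or the summed size of a directory tree, in KB."""
    if entry.is_file(follow_symlinks=False):
        return entry.stat(follow_symlinks=False).st_size // 1024
    total = 0
    for dirpath, _, files in os.walk(entry.path):
        for name in files:
            total += os.path.getsize(os.path.join(dirpath, name))
    return total // 1024


def scan_temp_dir(root: str) -> List[Finding]:
    """Return Inno-style temp artifacts and ~3,078 KB .tmp payloads under root."""
    findings: List[Finding] = []
    for entry in os.scandir(root):
        name = entry.name
        if INNO_TMP_RE.match(name):
            findings.append(Finding(entry.path, _size_kb(entry),
                                    "Inno Setup temp artifact (is-XXXXX.tmp)"))
        elif entry.is_file(follow_symlinks=False) and name.lower().endswith(".tmp"):
            size_kb = _size_kb(entry)
            if abs(size_kb - PAYLOAD_KB) <= SLACK_KB:
                findings.append(Finding(entry.path, size_kb,
                                        f".tmp payload of ~{PAYLOAD_KB} KB"))
    return sorted(findings, key=lambda f: f.path)


def build_demo_dir() -> str:
    """Constructed sample directory (harmless placeholder files) for a dry run."""
    root = tempfile.mkdtemp(prefix="innostealer-demo-")
    # Inno-style temp file named as in the article
    with open(os.path.join(root, "is-PN131.tmp"), "wb") as f:
        f.write(b"\x00" * 512)
    # Inno-style extraction directory with something unpacked inside
    unpack_dir = os.path.join(root, "is-AB12C.tmp")
    os.mkdir(unpack_dir)
    with open(os.path.join(unpack_dir, "unpacked.bin"), "wb") as f:
        f.write(b"\x00" * 2048)
    # Second .TMP of the reported size, written sparse so the demo stays fast
    with open(os.path.join(root, "ABCD.tmp"), "wb") as f:
        f.truncate(PAYLOAD_KB * 1024)
    # Benign noise that must not be flagged
    with open(os.path.join(root, "small.tmp"), "wb") as f:
        f.write(b"\x00" * 10 * 1024)
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("nothing to see\n")
    return root


if __name__ == "__main__":
    for hit in scan_temp_dir(build_demo_dir()):
        print(f"{hit.size_kb:>6} KB  {hit.reason:<40} {hit.path}")
```

On a real host, point `scan_temp_dir` at `%TEMP%` (and the user profile’s `AppData\Local\Temp`) instead of the demo directory, and pair each hit with the creating process and its parent so a genuine installer can be told apart from the fake setup executable.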
What should users do?
This is not the first time attackers have exploited the demand for Windows 11 downloads to spread malware. Avoid downloading ISO files from untrusted sources; the safest route is to upgrade through Windows Update in the Settings app of Windows 10, or to obtain installation media only from Microsoft’s own site.
(According to QTM)
Republished at Blogtuan.info – Source: gamek.vn