People looking for an easy way to upgrade to Windows 11 were in for a nasty surprise, as an upgrade assistant found on Discord turned out to be something else entirely!
Microsoft’s latest operating system, Windows 11, has some strict system requirements that you can’t easily overcome. One of the most controversial ones is the Trusted Platform Module 2.0 (TPM 2.0) that the OS requires before it will load and install on the system. This led many people to search for alternative installers or to create their own using third-party tools like Rufus.
Malware is lurking in every corner of the internet, and the newest trend is fake Windows 11 installers that promise to run on any computer; these have been found on several Discord servers.
Researchers from HP explored this malware-in-disguise and uncovered that, in reality, it installs the RedLine Stealer malware, which can harvest crucial information like saved credentials, credit card numbers and autocomplete data. One thing is sure – this installer won’t download the latest version of Microsoft’s OS.
While the Windows 11 adoption rate is steadily increasing, it only surpassed Windows 7 in August 2022, meaning that things could be better for the Redmond company.
The HP researchers performed a thorough file analysis and found that the zip file carrying the malware is just 1.5MB. When you extract all of the zip contents, the extracted folder is 753MB, which is quite odd, as it corresponds to a compression ratio of 99.8%.
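The size mismatch the researchers describe is something a defender can check for without extracting an archive, because a zip’s central directory already records each entry’s compressed and uncompressed sizes. The script below is an added example, not HP’s tooling or anything from the original article: it reads those sizes, computes the overall ratio the same way the article does (1 minus compressed over uncompressed, so 1.5MB/753MB gives 0.998), and flags archives above a threshold. The threshold of 0.98 and the in-memory sample archive are assumptions constructed for this illustration.

```python
import io
import os
import zipfile

# Assumed threshold for this example: a ratio of 0.98 means the archive
# expands to roughly 50x its compressed size. Tune for your environment.
RATIO_THRESHOLD = 0.98


def archive_stats(data: bytes) -> dict:
    """Summarise a zip from its central directory only; nothing is extracted."""
    entries = []
    total_compressed = 0
    total_uncompressed = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entries.append((info.filename, info.compress_size, info.file_size))
            total_compressed += info.compress_size
            total_uncompressed += info.file_size
    # Same definition as the article's 99.8%: 1 - compressed / uncompressed.
    ratio = 1 - total_compressed / total_uncompressed if total_uncompressed else 0.0
    return {
        "entries": entries,
        "compressed": total_compressed,
        "uncompressed": total_uncompressed,
        "ratio": ratio,
    }


def is_suspiciously_padded(data: bytes, threshold: float = RATIO_THRESHOLD) -> bool:
    """True when the archive as a whole compresses far better than real installer data would."""
    return archive_stats(data)["ratio"] >= threshold


def build_sample_zip(padding_bytes: int, filler: bytes = b"\x00") -> bytes:
    """Constructed sample: a small text file plus a large block of repeated bytes.

    Repeated bytes compress extremely well under DEFLATE, which is what produces
    the tiny-zip / huge-folder mismatch described in the article.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("installer.txt", "constructed sample, not a real installer\n")
        zf.writestr("padding.bin", filler * padding_bytes)
    return buf.getvalue()


def build_normal_zip() -> bytes:
    """Constructed control: random bytes do not compress, so the ratio stays near zero."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.bin", os.urandom(20_000))
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("padded", build_sample_zip(5_000_000)), ("normal", build_normal_zip())):
        stats = archive_stats(blob)
        print(f"{label}: {stats['compressed']} -> {stats['uncompressed']} bytes, "
              f"ratio {stats['ratio']:.3f}, flagged={is_suspiciously_padded(blob)}")
```

A high ratio on its own is not proof of malice, since sparse or highly repetitive data also compresses well, so treat the flag as a triage signal to be combined with the other indicators the article mentions (the unfamiliar download domain, the unsigned binary, where the file came from) rather than as a verdict.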
The lure sends users through a fake webpage whose disguised Download Now button delivers the payload, which then reads the browsers’ stored data and exfiltrates it.
The website’s design mimics the original Microsoft site, so it’s pretty much impossible to distinguish, other than looking at the address bar and the suspicious www.windows-upgraded.com URL.
The security researchers reported these findings to Discord, and the platform intends to remove all remnants of the file.