April 19, 2022

Hackers are using SEO poisoning to push a fake Windows 11 upgrade site that infects victims with information stealing malware.

Many users are unaware of the requirements for installing the latest Microsoft operating system. One of the requirements is support for Trusted Platform Module (TPM) version 2.0. This requirement is only available on machines that are not older than four years.

Exploiting users’ ignorance, attackers have now launched a malicious website that features the fake Windows 11 with Microsoft’s official logos and an inviting”Download Now” button.

According to researchers, this campaign uses a new malware named “Inno Stealer.” The malware was named Inno Stealer due to its use of the Inno Setup Windows installer.

The malware drops a file with the .SCR extension in the directory of the compromised system. The file unpacks the info-stealer payload and executes it by triggering a new process called “Windows11InstallationAssistant.scr.”

The malware collects web browser cookies and stores credentials, data in cryptocurrency, wallets and data from the file system. Targeted browsers are Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser and Comodo.

Users are advised to avoid downloading ISO files from obscure sources and to perform important OS upgrades only within their Windows 10 control panel. They can also obtain the installation files directly from the source.

The sources for this piece include an article in BleepingComputer.