Fake Windows 11 installer coming after passwords, credit cards and crypto wallets

February 12, 2022

By Kim Komando

Over a billion machines run some version of Microsoft Windows. The operating system’s reach expanded further when Windows 11 entered the market.

But not everybody is capable of upgrading to the new version. That’s because some older computers don’t have the minimum system requirements to handle Windows 11. Tap or click here to determine if your PC has the minimum requirements.

Not having a compatible PC has led some people to look for unofficial copies of the OS. Bad idea. Keep reading to find out how one fraudulent installer puts your credentials and finances at risk.

Here’s the backstory

If your system is too old to run Windows 11, it’s best to get a new PC. Trying to circumvent the installation process and looking for unofficial installers could lead you to spoofed websites.

And that’s exactly what happened when HP’s Threat Research team found a domain that, at first glance, seems to be a legitimate Microsoft website. But the windows-upgraded.com domain hides a dangerous secret.

This spoofed site is complete with Microsoft branding, images and a similar design to an official Microsoft site. Unsuspecting visitors would see a Download Now button on the landing page, offering a free copy of Windows 11.

A Zip file is downloaded to your machine if you hit the button. The problem is the download isn’t Windows 11 at all. Instead, it’s dangerous malware called RedLine, used by cybercriminals to steal credentials, browser cookies, banking information and cryptocurrency wallet data.

Here’s a screenshot from HP Threat Research of what the site looks like:

[Screenshot: the spoofed Windows 11 download page. Credit: HP Threat Research]

“It collects various information about the current environment, such as the username, computer name, installed software and hardware information. The malware also steals stored passwords from web browsers, auto-complete data such as credit card information, and cryptocurrency files and wallets,” HP’s Threat Research explained in a blog post.

Thankfully the spoofed site has been taken down. But there will be others, so you need to know how to stay protected.

How to avoid malicious software

Cybercriminals are extremely good at spoofing official websites and communications. That’s why you need to be careful and avoid third-party sites or app stores. And always be wary of phishing emails and texts and avoid clicking links in an unsolicited message.

One way victims found this spoofed website claiming to offer a copy of Windows 11 was through ads on social media. Never trust social media ads! Most of the time, you’ll either wind up with a device infected with malware, or you’ll purchase an item and receive a fraudulent product, if you receive anything at all.

If you want to upgrade to Windows 11, only do so through the updater on your PC or from the official Microsoft site. Here’s a link to the official Windows 11 upgrade page.

You should also have trustworthy antivirus software on all of your devices.

https://www.komando.com/tips/windows/fake-windows-11-installer/