When it comes to computer security, one must remain ever vigilant. If you need a refresher on that lesson, HP’s Threat Research department is ready to give you one today. Researchers spotted an incredibly convincing fake website, purporting to offer Windows 11 upgrades straight from Microsoft. Instead it served up a heaping helping of malware.
The scam is actually pretty impressive. The operators of “windows-upgraded.com” (now decommissioned) copied Microsoft’s presentation and style perfectly, with a big friendly “download now” button for all those interested in an upgrade or clean install. What duped users actually got was a 1.5MB ZIP file containing “Windows11InstallationAssistant.exe”, which downloads a DLL disguised as a JPEG file.
The end result is the installation of the well-known RedLine Stealer malware suite, dedicated to swiping usernames, passwords, credit card numbers, and cryptocurrency information, among other tasty bits of user data.
Similar fake downloads for popular bits of software, like the Discord chat program, have been seen before. HP’s analysis reminds us to always be wary of download sites, even if they’re found via reputable search engines, and always keep that anti-virus scanner running. Oh, and if you want to know how to legitimately download and apply the update for Windows 11, check out our exhaustive guide here.