Monday, May 20, 2024

Fake Windows 11 Update Hides Virus That Steals Financial Data

A fake Windows 11 update is the bait for installing RedLine Stealer, malware that steals personal and financial data from victims’ PCs. The malicious campaign, now taken down, used a fraudulent website that copied the appearance of Microsoft solutions to deliver the virus, which was small in size and posed as an operating system upgrade assistant.

The lure, revealed by security experts at HP, plays on the possibility of a free upgrade to the new version for Windows 10 users and on the varying compatibility of older chips and motherboards. This is where the RedLine offer comes in, with the installer said to carry out the task smoothly, and with search poisoning, phishing messages and other methods used to reach victims.

Clicking on the site downloads a ZIP file of only 1.5 MB which, once unzipped, yields a 753 MB installer, hosted on a server on Discord, software widely used by gamers for video calls and text conversations. It is this installer that starts the malicious processes on the victim’s computer, using DLL files disguised as images, also downloaded from remote servers, and connecting to command servers under the control of the criminals.
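The size gap described above (1.5 MB compressed, 753 MB unpacked, roughly 500:1) can be checked from an archive's directory without extracting anything. The following is an added example, not code from HP or from the original article; the thresholds, file names and sample archive are constructed assumptions.

```python
import io
import zipfile

# Thresholds are assumptions chosen for this example, not values from the HP report.
MAX_RATIO = 100              # uncompressed/compressed ratio at or above this is suspicious
MIN_SIZE = 1 * 1024 * 1024   # skip small members, where ratios are noisy
EXEC_EXT = (".exe", ".dll", ".scr", ".msi")


def build_sample_zip(payload_mb=8):
    """Constructed sample: a stub followed by zero filler, plus an ordinary text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup_sample.exe", b"MZ" + b"\x00" * (payload_mb * 1024 * 1024))
        zf.writestr("readme.txt", "Upgrade notes\n" * 20)
    return buf.getvalue()


def inspect_zip(data):
    """Return findings for members whose declared sizes imply heavy padding.

    Only the archive directory is read; nothing is extracted or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < MIN_SIZE:
                continue
            # Guard against a zero compressed size in a malformed entry.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio >= MAX_RATIO:
                findings.append({
                    "name": info.filename,
                    "compressed": info.compress_size,
                    "uncompressed": info.file_size,
                    "ratio": round(ratio),
                    "executable": info.filename.lower().endswith(EXEC_EXT),
                })
    return findings


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding)
```

The sizes read here are the ones declared in the archive's own headers, which a crafted archive can misstate, so a scanner that goes on to extract members should also cap the number of bytes it actually reads.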


The actions performed depend on the analysis of the files and software installed on the PC. Among the actions of RedLine Stealer are the theft of passwords and cookies saved in browsers, credit card data and cryptocurrency wallets. The focus is always financial, with attempts to transfer funds or divert deposits to the thieves’ accounts.

Fake Windows 11 update is now offline

According to HP, while the deceptive website responsible for serving it is still available, the file responsible for the RedLine Stealer infection is no longer available. This does not mean that the campaign is over, as criminals can always reactivate the scheme and host the alleged installer on new servers, in addition to giving it new capabilities.

First of all, it is important to remember that the update to Windows 11 is only available through official means, either through Microsoft or through wizards present in the operating system itself. Users should not download it by alternative means and need to watch out for fake websites that try to simulate the appearance of legitimate ones.

The same is also true for other solutions, since RedLine Stealer has also appeared disguised as an update for Discord and other software. Keeping security systems active and up-to-date helps to prevent common scams in this category, in addition to displaying alerts when accessing websites known to be fraudulent.
