RedLine malware is installed by fraudulent Windows 11 upgrades, warns Bleeping Computer.
Threat actors have started deceiving Windows 10 users into downloading and running RedLine stealer malware by sending them bogus Windows 11 update installers. “These harmful sites are pushed via forum and social media posts or instant messaging,” warns Bleeping Computer. “Therefore, you should only trust the official Windows upgrade system alerts.”
Many Windows 10 users are unable to upgrade from official distribution channels due to hardware incompatibilities, which Bleeping Computer notes is “something that malware operators perceive as a good chance for identifying new victims.”
The attacks took place at the same time that Microsoft announced the broad deployment phase for Windows 11. As a result, the attackers were well-prepared for this move and waited for the ideal time to maximize the effectiveness of their operation. Since RedLine is currently the most widely used stealer of passwords, browser cookies, credit card data, and cryptocurrency wallet information, an infection can have serious consequences for the victim.
The attackers used the “windows-upgraded.com” domain for the malware distribution portion of their campaign, according to the HP researchers who detected the operation. When a visitor clicked the “Download Now” button on the website, a 1.5 MB ZIP archive named “Windows11InstallationAssistant.zip” was downloaded directly from a Discord CDN. The website was designed to look like a genuine Microsoft site.
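The indicators named above (the lure domain, the archive name, and delivery from a Discord CDN) are enough to build a simple proxy-log check. The following is an added example written for this page, not code from Bleeping Computer or HP; the Discord CDN hostname (`cdn.discordapp.com`), the proxy log format, and the sample log lines are assumptions constructed for the demonstration.

```python
"""Flag proxy-log entries that match the fake Windows 11 upgrade lure.

Added example, not code from the article or from HP. Indicators taken from
the page: the lure domain windows-upgraded.com, a ZIP archive named
Windows11InstallationAssistant.zip, and delivery from a Discord CDN.
Assumptions: the Discord CDN hostname and the log format
"<timestamp> <client_ip> <method> <url> <status> <bytes>" are ours.
"""
import re
from urllib.parse import urlparse

# Indicators named on the page.
LURE_DOMAINS = {"windows-upgraded.com"}
LURE_FILENAME = "windows11installationassistant.zip"
# Assumed hostname for the Discord CDN; a real deployment should use the
# hosts actually observed in its own proxy data.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}
# Broader pattern: any archive or binary whose name poses as a Windows 11 installer.
INSTALLER_RE = re.compile(r"win(dows)?[-_]?11.*\.(zip|exe|msi)$", re.IGNORECASE)

# Assumed proxy log format (constructed for this example).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return a reason string if the entry matches the lure, else None."""
    parsed = urlparse(entry["url"])
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    if host in LURE_DOMAINS or host.endswith(tuple("." + d for d in LURE_DOMAINS)):
        return "request to known lure domain"
    if filename == LURE_FILENAME:
        return "known lure archive name"
    # Lookalike rule is scoped to the Discord CDN to keep false positives down.
    if host in DISCORD_CDN_HOSTS and INSTALLER_RE.search(filename):
        return "Windows 11 installer lookalike fetched from Discord CDN"
    return None


def flag_downloads(lines):
    """Return a list of {client, url, reason} dicts for matching log lines."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines rather than crash the sweep
        reason = classify(entry)
        if reason:
            hits.append({"client": entry["client"], "url": entry["url"], "reason": reason})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-02-09T10:01:03Z 10.0.0.12 GET https://www.microsoft.com/en-us/windows/windows-11 200 54231",
    "2022-02-09T10:02:17Z 10.0.0.12 GET https://windows-upgraded.com/ 200 18843",
    "2022-02-09T10:02:20Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1/2/Windows11InstallationAssistant.zip 200 1572864",
    "2022-02-09T10:05:41Z 10.0.0.33 GET https://cdn.discordapp.com/attachments/3/4/holiday-photo.zip 200 204800",
    "2022-02-09T10:07:02Z 10.0.0.45 GET https://example.org/Win11-Upgrade-Tool.exe 200 900000",
    "malformed line",
]

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(hit)
```

Run against the constructed sample, the sweep flags the visit to the lure domain and the archive download from the Discord CDN, and ignores the unrelated Discord attachment and the installer-named file on a non-CDN host. The exact domain and filename rules will age quickly (the page itself notes the actors can simply register a new domain), so the lookalike-name rule is the one worth keeping tuned.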
Even though the distribution site is currently unavailable, nothing prevents the actors from registering a new domain and continuing their campaign. In fact, it is quite likely that this is already happening in the wild.