- An unknown attacker put up a fake Windows 11 download site to spread malware.
- The same campaign had previously run a fake Discord download page in December 2021.
- In both cases, visitors were redirected to a RedLine Stealer installer.
Microsoft announced Windows 11 back in June 2021, and many excited users were eager to get their hands on it. On January 26th, Microsoft declared that Windows 11 had entered its final phase of availability. Sensing an opportunity, an unknown attacker put up a fake Windows 11 download campaign the very next day to spread malware. The fake website was a convincing replica of Microsoft's official page.
Keen-eyed researchers at HP quickly spotted the malicious activity and published a complete analysis in a research report. The report breaks down the entire campaign, hosted on the lookalike domain windowsupgraded[.]com, in detail. The Windows 11 clone page redirects users to a RedLine Stealer installer that steals valuable information such as credit card details, saved credentials, browser autocomplete data, and cryptocurrency wallet data. We'll come back to RedLine Stealer below.
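The lure in this campaign is a lookalike domain that borrows the Windows brand name but is not served from any Microsoft-owned domain. The script below is an added example, not code from the article or from HP's report: it scans constructed proxy log lines and flags hostnames that mention a protected brand keyword yet resolve to a registrable domain outside a small allowlist. The allowlist, the log format, and the hostname login.microsoft.com.evil-host.test are assumptions made for the example; windowsupgraded[.]com is the domain named above, written in the defanged form threat reports use.

```python
"""Flag brand-lookalike hostnames in proxy logs (added example, constructed data)."""
import re
from typing import Dict, List

# Brand keywords abused by the campaign described on this page.
BRAND_KEYWORDS = ("microsoft", "windows", "discord")

# Assumption: registrable domains the brands legitimately use. A real deployment
# would load this from a maintained allowlist rather than hard-code it.
LEGIT_DOMAINS = {
    "microsoft.com",
    "windows.com",
    "windowsupdate.com",
    "discord.com",
    "discordapp.com",
    "discord.gg",
}

# Constructed sample log: "<timestamp> <client-ip> <method> <url>" per line.
# Only windowsupgraded[.]com comes from the article; the rest is made up.
SAMPLE_LOG = """\
2022-01-27T10:02:11Z 10.0.0.5 GET https://www.microsoft.com/en-us/windows/windows-11
2022-01-27T10:03:47Z 10.0.0.5 GET https://windowsupgraded[.]com/download
2022-01-27T10:05:02Z 10.0.0.9 GET https://discord.com/download
2022-01-27T10:06:30Z 10.0.0.9 GET https://cdn.discordapp.com/attachments/1/2/file.png
2022-01-27T10:07:12Z 10.0.0.12 GET https://login.microsoft.com.evil-host.test/signin
2022-01-27T10:08:55Z 10.0.0.12 GET https://example.org/
"""


def refang(host: str) -> str:
    """Undo the '[.]' defanging convention used in threat reports and lowercase."""
    return host.replace("[.]", ".").lower()


def hostname_from_url(url: str) -> str:
    """Extract the host part of a URL; brackets are kept so defanged hosts survive."""
    match = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.IGNORECASE)
    return refang(match.group(1)) if match else ""


def registrable_domain(host: str) -> str:
    """Last two labels of the host.

    Simplification: ignores multi-label public suffixes such as co.uk; a
    production check should consult the Public Suffix List instead.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_brand_lookalike(host: str) -> bool:
    """True when the host mentions a protected brand but is not served from
    one of that brand's allowlisted registrable domains."""
    host = refang(host)
    if registrable_domain(host) in LEGIT_DOMAINS:
        return False
    return any(keyword in host for keyword in BRAND_KEYWORDS)


def scan_proxy_log(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose destination host looks like a brand lookalike."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash on them
        timestamp, client, _method, url = parts[:4]
        host = hostname_from_url(url)
        if host and is_brand_lookalike(host):
            hits.append({"time": timestamp, "client": client, "host": host, "url": url})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} -> brand lookalike: {hit['host']}")
```

The check deliberately keys on the registrable domain rather than on the full hostname, so a subdomain such as login.microsoft.com.evil-host.test is caught even though it begins with a legitimate-looking prefix; the cost is that the simple two-label heuristic misjudges country-code suffixes, which is why the comment points at the Public Suffix List.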
If you want to check whether your system meets the requirements, see this Windows 11 system requirements article.
What is RedLine Stealer?
RedLine Stealer is malware sold on dark-web forums for a one-time price of $100 or $150 (around Rs 8,000 or Rs 11,000) depending on the version, or on a subscription basis at $100 per month (around Rs 8,000). It harvests data from browsers, including stored passwords, autocomplete data, credit card information, and cryptocurrency wallet data. When executed on a target machine it also collects system information such as the username, location data, hardware configuration, and details of installed security software.