This fake Windows 11 download page can steal your data

A fake Windows 11 download page was used to spread malware to the systems of users who downloaded from it.

  • An anonymous actor put up a fake Windows 11 website to spread malware.
  • The same campaign was used to run a fake Discord download page in December 2021.
  • Both times, the user was redirected to the RedLine Stealer installer.

Days after Microsoft announced its latest Windows 11 OS back in June, many excited fans were desperate to get their hands on it. Microsoft declared the last phase of availability of Windows 11 on January 26th. Sensing an opportunity, an anonymous actor put up a fake Windows 11 campaign the very next day to spread malware. The fake website was a well-thought-out replica of Microsoft's.


Keen-eyed observers at HP quickly discovered the malicious activity and published a complete analysis in a research report. The report breaks down the entire campaign, which ran under the domain windowsupgraded[.]com, in extreme detail. The Windows 11 clone page redirects users to a RedLine Stealer installer that steals valuable information such as credit card details, saved credentials, autocomplete data, and cryptocurrencies. We’ll get back to the RedLine Stealer part later.

The HP report also mentions similar activity in December 2021, when a malware campaign offered a fake download of a popular messaging service, Discord. The report adds that the same RedLine Stealer was used to steal data under the domain discrodappp[.]com. Both domains, windowsupgraded[.]com and discrodappp[.]com, used the same domain registrar and DNS servers and opted for the RedLine Stealer tool.

In case you want to download Windows 11, head over here. Don’t worry, it’s our blog post and not a malware tool that steals your valuable data.

And if you want to check whether your system meets the requirements, check this Windows 11 system requirements article.

What is RedLine Stealer?

RedLine Stealer is malware that can be purchased on the dark web for $100/$150 (around Rs 8,000/11,000) depending on the version, or on a subscription basis for $100 per month (around Rs 8,000). This malware collects data from browsers, such as stored passwords, autocomplete data, credit card information, and even cryptocurrencies. When it executes on a target machine, it also collects system data, including information such as the login, location data, hardware configuration, and information about installed security software.