
Beware: a fake site to deceive those looking to download Windows 11


Researchers at CloudSEK Information Security have spotted a malicious website that aims to deceive those wishing to upgrade their computer operating systems to Windows 11, while in fact stealing their browsing data and cryptocurrency wallets.


According to "Bleeping Computer", the fake site closely copies the design of the official promotional page for Windows 11 on Microsoft's site.


The fake site promises its visitors that it allows them to directly download the latest Microsoft operating systems for personal computers, without mentioning any details about the basic requirements that must be met by the user's computer to run it.




Combination attack

The first stage of the attack begins before the victim ever visits the fake site: the site is made to appear in Google search results when someone searches for a way to download Windows 11.


When the user falls into the trap, opens the malicious site and presses the download button for the fake Windows 11 copy, an ISO file begins downloading to the user's device. It contains the file that launches the malicious software, which the researchers named Inno Stealer.


Once the malware runs, it implants 4 files into the operating system, whose primary task is to set a group of exceptions for Microsoft Defender, the Windows security system, as well as to disable the Registry Security privacy file.


The attack is the first appearance of the "Inno Stealer" software, which deletes and disables all security software from ESET and Emsisoft in order to avoid detection and removal.




The Inno Stealer Malware Attack Process - CloudSEK


Huge potential

Inno Stealer relies on stealing cookies stored in web browsers, as well as all login data saved in the browser, such as the user names and passwords of the user's accounts with online services.


The malware also aims to collect the data of any cryptocurrency wallet on the victim's device.


The software targets all cryptocurrency wallets stored within internet browsers such as Chrome, Microsoft Edge, Brave, Opera, Vivaldi, 360browser, and Comodo.


After all available data has been acquired and the cryptocurrency stolen, all of that data is transferred to one of the servers belonging to those responsible for the attack.


Important tip

CloudSEK researchers give general internet users an important piece of advice about updating their devices to Windows 11: make sure that the sites they visit and the links they follow really belong to Microsoft and are not fake sites set up for fraud.


The researchers also explained the need to avoid downloading ISO files from untrusted sources, and to download them only when they are official updates coming directly from Microsoft for their computer's operating system.
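The tip above can be turned into a check that a help desk or download proxy runs before an installer link is followed. This is an added example, not code from CloudSEK or from this post; the allowlist of Microsoft domains and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as Microsoft-owned for this example.
# Replace with a list vetted by your own organisation.
MICROSOFT_DOMAINS = ("microsoft.com", "windows.com")


def check_download_url(url):
    """Return (ok, reason) for a link that claims to offer a Windows download."""
    # Browsers read "\" as "/", Python does not; refuse instead of guessing.
    if "\\" in url:
        return False, "backslash in URL"
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, without userinfo or port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() != "https":
        return False, "not HTTPS"
    if "@" in parts.netloc:
        # "https://www.microsoft.com@other.example/" really points at other.example
        return False, "userinfo in URL"
    if not host:
        return False, "no host"
    host = host.rstrip(".")
    # Match on label boundaries so "microsoft.com.something.example" fails.
    for domain in MICROSOFT_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not a Microsoft domain"


if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    for link in (
        "https://www.microsoft.com/software-download/windows11",
        "https://microsoft.com.windows11-upgrade.example/download",
        "https://www.microsoft.com@windows11-upgrade.example/win11.iso",
        "http://www.microsoft.com/software-download/windows11",
        "https://rnicrosoft.com/windows11",
    ):
        print(check_download_url(link), link)
```

A passing result only says where the link points; it does not replace checking the downloaded ISO itself.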



About the Author

Hello, my name is Khalid from Morocco, aged 35 years. I am a blogger, developer, and the creator of the zoom4display and zoom4diet blogs. As you can see, I am very interested in and passionate about repairing and finding new ideas to make our daily life at home easier, …
