Hacker Fakes Windows 11 Download Page to Spread Malicious Code.
Hackers prey on naive users by offering a fake Windows 11 download infected with data-stealing malware.
In this ongoing campaign, hackers replicate Microsoft's Windows 11 promotional page. They use black-hat SEO tactics to push the fake page to the top of Google search results.
The fake website mirrors Microsoft's official site, complete with an enticing 'Download Now' button. Clicking it delivers an ISO file containing information-stealing software. The hackers have set the site up so that the file can only be downloaded over a direct connection; the download is not available through TOR or a VPN.
This malicious software has undergone detailed analysis by cybersecurity threat researchers at CloudSEK.

According to CloudSEK, the perpetrator behind this campaign uses a new piece of malware. Researchers dubbed it 'Inno Stealer' because it uses the Inno Setup Windows installer.
Researchers state that Inno Stealer bears no resemblance to the malware used by current information-stealing hacker groups. Additionally, there is no evidence that Inno Stealer has been uploaded to the VirusTotal scanning platform.
The downloaded file (written in Delphi) is the 'Windows 11 setup' executable inside the ISO. When executed, it creates a temporary file named is-PN131.tmp and writes 3,078 KB of data to another .TMP file.
What should users do?
This isn't the first time hackers have exploited the desire to download and install Windows 11 to distribute malware. You should avoid downloading ISO files from untrusted sources and ideally upgrade to Windows 11 through the Windows 10 Settings menu.
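One way to act on this advice before running anything from a downloaded ISO, shown as an added example that does not come from CloudSEK or the original article: the PowerShell function below prints the download origin recorded in the file's Zone.Identifier stream, then lists every executable in the image that lacks a valid Microsoft Authenticode signature. The function name, the file extensions checked and the 'O=Microsoft Corporation' signer test are assumptions made for illustration.

```powershell
# Added example: inspect a downloaded ISO before running anything from it.
# Assumption: genuine Microsoft installers carry a valid Authenticode signature
# whose signer subject contains "O=Microsoft Corporation".
function Test-IsoExecutableSignatures {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$IsoPath
    )
    $iso = (Resolve-Path -LiteralPath $IsoPath).Path

    # Mark of the Web: the browser records the download origin in this stream.
    $motw = Get-Content -LiteralPath $iso -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $motw | Where-Object { $_ -match '^(HostUrl|ReferrerUrl)=' } | Write-Host

    # Mount read-only so the files can be inspected without being run.
    $image = Mount-DiskImage -ImagePath $iso -StorageType ISO -Access ReadOnly -PassThru
    try {
        $letter = ($image | Get-Volume).DriveLetter
        if (-not $letter) { throw "ISO mounted without a drive letter: $iso" }

        Get-ChildItem -Path "${letter}:\" -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.msi', '.scr' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                [pscustomobject]@{
                    File      = $_.FullName
                    SizeKB    = [math]::Round($_.Length / 1KB)
                    Status    = $sig.Status
                    Signer    = $signer
                    Microsoft = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
                }
            } |
            Where-Object { -not $_.Microsoft }   # keep only the files that fail the check
    }
    finally {
        # Always unmount, even if enumeration or signature checks fail.
        Dismount-DiskImage -ImagePath $iso | Out-Null
    }
}

# Usage (the path is a placeholder for the file you downloaded):
# Test-IsoExecutableSignatures -IsoPath "$env:USERPROFILE\Downloads\Win11.iso" | Format-Table -AutoSize
```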
(Reference QTM)
