Watch out for fake Windows 11 downloads that spread malware

Windows 11 Se Winver 2022 Surface Laptop Se
Windows 11 Se Winver 2022 Surface Laptop Se (Image credit: Windows Central)

Windows 11 Update Windowsupdate Estimate New Light

Source: Daniel Rubino / Windows Central (Image credit: Source: Daniel Rubino / Windows Central)

What you need to know

  • A fake Windows 11 update page was used by attackers to infiltrate PCs.
  • The attack used a fake Windows 11 website that directed people to download malware.
  • A similar campaign ran in December 2021, though that attack used a fake Discord website.

Threat actors took advantage of people looking to upgrade to Windows 11 earlier this year. Microsoft's new operating system entered its last phase of availability on January 26, 2022. Attackers quickly jumped to action, initiating a malware campaign the next day that utilized a fake website impersonating a page to download Windows 11.

HP outlines its discovery of the attack on its Threat Research Blog. HP's team noticed that a malicious actor registered the "windows-upgraded[.]com" domain on January 27, 2022. The page had been designed to appear like an official Microsoft website to download Windows 11. Instead, it directed people to a link that downloaded RedLine Stealer, which is a type of malware that steals information.

The Threat Research Blog post breaks down the malware campaign in more technical detail. The key takeaway is that malicious actors hopped on a trending news story to try to take advantage of everyday PC users. Since Microsoft had just entered the final phase of rolling out Windows 11, many people were looking for a way to update.

Source: HP (Image credit: Source: HP)

The fake website was rather convincing. It uses Microsoft's iconography and general site layout.

If you need help getting Microsoft's newest OS, you can follow our guide on how to upgrade to Windows 11.

A similar campaign was discovered in December 2021. That attack used fake versions of Discord's website and sites from other popular messaging services. That campaign also distributed RedLine Stealer.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at