What you need to know
- A fake Windows 11 update page was used by attackers to infiltrate PCs.
- The attack used a fake Windows 11 website that directed people to download malware.
- A similar campaign ran in December 2021, though that attack used a fake Discord website.
Threat actors took advantage of people looking to upgrade to Windows 11 earlier this year. Microsoft's new operating system entered its last phase of availability on January 26, 2022. Attackers quickly jumped to action, initiating a malware campaign the next day that utilized a fake website impersonating a page to download Windows 11.
HP outlines its discovery of the attack on its Threat Research Blog (opens in new tab). HP's team noticed that a malicious actor registered the "windows-upgraded[.]com" domain on January 27, 2022. The page had been designed to appear like an official Microsoft website to download Windows 11. Instead, it directed people to a link that downloaded RedLine Stealer, which is a type of malware that steals information.
The Threat Research Blog post breaks down the malware campaign in more technical detail. The key takeaway is that malicious actors hopped on a trending news story to try to take advantage of everyday PC users. Since Microsoft had just entered the final phase of rolling out Windows 11, many people were looking for a way to update.
The fake website was rather convincing. It uses Microsoft's iconography and general site layout.
If you need help getting Microsoft's newest OS, you can follow our guide on how to upgrade to Windows 11.
A similar campaign was discovered in December 2021. That attack used fake versions of Discord's website and sites from other popular messaging services. That campaign also distributed RedLine Stealer.
