'Windows 11 Alpha' malware attack tried to trick people out of financial data

Surface Laptop 4 Amd 2021 Display
Surface Laptop 4 Amd 2021 Display (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • A recently discovered malware attack attempted to trick people by claiming a file was made on "Windows 11 Alpha."
  • The attack contained malicious code within a Word document.
  • Security researchers claim that well-known cybercrime group FIN7 was likely behind the attack.

A Windows 11-themed malware campaign tried to trick people into activating malicious code on their PCs. The attack relied on people's lack of knowledge of Microsoft's upcoming operating system. The campaign used a Word document claiming to be made with "Windows 11 Alpha" and pushed people to perform steps to open it. Following these steps activated code that threat actors could use to steal people's financial information.

Anomali Security researchers discovered the attack and break down its technical components (via Bleeping Computer). The researchers claim that cybercrime group FIN7 is likely responsible for the malware campaign. The exact method of spreading the malicious file isn't confirmed at this time but is likely email phishing or spearphishing, according to Anomali.

The idea behind the attack is that if someone sees a document claiming to be made with Windows 11 Alpha, that they may need to perform steps to make the document compatible with older operating systems. This isn't the case, but many people won't be aware of that. As there are instances in which people need to convert genuine Word documents to make them compatible, many PC users are likely used to following prompts that look like those in this malware campaign.

Windows 11 Alpha Attack

Source: Anomali (Image credit: Source: Anomali)

If the code within the file was activated, the file downloaded a JavaScript backdoor. This let attackers obtain a payload on people's PCs. The FIN7 group has been credited with the theft of more than 15 million payment card records. The value of these records is roughly over $1 billion, according to eSentire.

The Windows 11 Alpha malware campaign appeared to have happened between late June and late July 2021, which lines up with Microsoft's official announcement of Windows 11. The attack likely rode the wave of interest about Microsoft's new operating system to take advantage of unsuspecting people.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.