Windows 11 download page imitator spreading malware onto PCs

Surface Pro 8 Hero
Surface Pro 8 Hero (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • A newly discovered malware is being spread through a fake Windows 11 download page.
  • If installed onto a computer, the malware can steal a person's browser data, including information from cryptocurrency wallets.
  • The fake download page used in the attack features stolen images from Microsoft and is designed to appear genuine.

A fake Windows 11 download page is being used as part of a campaign to get malware onto PCs. If successful, attackers can get malware that can steal browser data and cryptocurrency wallets onto the computers of unsuspecting victims.

The campaign relies in part on taking advantage of people that are unfamiliar with the minimum requirements of Windows 11, according to Bleeping Computer.

Victims can be exposed to the attack through poisonous search results that lead to a fake download page for Windows 11. While the URL shows that the site is clearly not run by Microsoft, the page appears genuine at first glance. It features stolen Microsoft images and logos as well as the same font that's used on Microsoft's actual website.

Source: Bleeping Computer (Image credit: Source: Bleeping Computer)

The page has a "Download Now" button that, if used, will install a malicious EXE file onto a PC. CloudSEK shared a technical breakdown of the malware with Bleeping Computer.

The campaign uses a new piece of malware known as "Inno Stealer." The malware can bypass Defender, uninstall security products, and use other tactics to infiltrate a PC. Once it works its way onto a computer, Inno Stealer can obtain a person's web browser cookies, saved information, and data from cryptocurrency wallets. Chrome, Edge, and other popular browsers are all targeted by Inno Stealer.

A similar campaign was discovered earlier this year which also used a fake Windows 11 download page to try to trick people into downloading malware. Both threats utilized convincing fake download pages featuring Microsoft iconography and images.

When searching for updates, it's important to check the source of any files you download. Our guide on how to upgrade to Windows 11 walks through the steps to safely update your PC to the latest version of Windows.

It's also worth using the best antivirus software. When I attempted to navigate to the fake Windows 11 download site on my work PC, my installed security software flagged the threat and wouldn't load the site.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at