Security News > 2022 > February > Fake Windows 11 upgrade installers infect you with RedLine malware
Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware.
The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success.
According to researchers at HP, who have spotted this campaign, the actors used the seemingly legitimate "Windows-upgraded.com" domain for the malware distribution part of their campaign.
Windows 11 is a major upgrade that many Windows 10 users cannot get from the official distribution channels due to hardware incompatibilities, something that malware operators see as an excellent opportunity for finding new victims.
As BleepingComputer reported in January, threat actors are also leveraging Windows' legitimate update clients to execute malicious code on compromised Windows systems, so the tactics reported by HP are hardly surprising at this point.
Remember, these dangerous sites are promoted via forum and social media posts or instant messages, so don't trust anything but the official Windows upgrade system alerts.
News URL
Related news
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Windows 11 24H2 upgrades blocked on some PCs due to audio issues (source)