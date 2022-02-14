
Fake Windows 11 update infects computers with RedLine malware

By: Brian Adam

Taking advantage of the growing popularity of Windows 11 and the broad rollout phase Microsoft recently announced, some attackers have started distributing fake Windows 11 update installers with RedLine malware hidden inside them.

According to the HP researchers who detected this campaign, RedLine is a stealer aimed at capturing users’ private and sensitive information such as passwords, browser cookies, credit card details, and the most commonly used cryptocurrency wallets, so an infection can have dire consequences for victims.


The criminals used the apparently legitimate domain “windows-upgraded.com” for distribution, copying the genuine style of the Microsoft website. If a visitor clicked the “Download Now” button, they received a 1.5 MB ZIP file called “Windows11InstallationAssistant.zip”, served directly from a Discord CDN.

Fake Windows 11 update infects with RedLine malware

When the victim launches the executable from the extracted folder, it starts a PowerShell process with an encoded argument. That process then starts cmd.exe with a timeout of 21 seconds, and once the delay expires, a .jpg file is fetched from a remote web server. This file actually contains a DLL whose bytes are stored in reverse order, presumably to evade detection and analysis. Finally, the initial process loads the DLL and replaces the current thread context with it, executing the RedLine payload, which connects to its command-and-control server over TCP and waits for instructions.
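As an added defender-side example (written for this page, not taken from the HP report or the article), the following Python sketches two triage checks for the chain just described: flagging PowerShell launched with an encoded command that then spawns cmd.exe as nothing more than a timeout sleep, and testing whether a downloaded “image” file is really a byte-reversed PE. The process records, their field names and the PE header are constructed samples.

```python
import re
import struct

# Constructed process-creation records (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"parent": "Windows11InstallationAssistant.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -enc QQBCAEMA"},  # placeholder base64
    {"parent": "powershell.exe", "image": "cmd.exe", "cmdline": "cmd.exe /c timeout 21"},
    {"parent": "explorer.exe", "image": "cmd.exe", "cmdline": "cmd.exe /c dir"},
]

# -EncodedCommand and the short prefixes PowerShell accepts, matched as a separate token.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)(?:\s|$)")
# cmd.exe whose entire command line is a sleep: "cmd /c timeout [/t] N"
TIMEOUT_ONLY = re.compile(r"(?i)^cmd(?:\.exe)?\s+/c\s+timeout(?:\s+/t)?\s+\d+\s*$")


def triage_events(events):
    """Return (image, reason) pairs for the two process stages of the chain:
    PowerShell started with an encoded command, and cmd.exe used only as a
    delay timer under a PowerShell parent."""
    hits = []
    for ev in events:
        image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
        if image == "powershell.exe" and ENCODED_FLAG.search(cmd):
            hits.append((image, "encoded PowerShell command, parent " + parent))
        elif image == "cmd.exe" and parent == "powershell.exe" and TIMEOUT_ONLY.match(cmd):
            hits.append((image, "cmd.exe used as a sleep timer under PowerShell"))
    return hits


def looks_like_reversed_pe(data: bytes) -> bool:
    """True if the bytes form a PE image only once reversed: the DOS 'MZ' magic
    and the 'PE' signature at e_lfanew line up after reversal, not before."""
    rev = data[::-1]
    if len(rev) < 0x40 or rev[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", rev, 0x3C)[0]
    return rev[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_fake_pe_header() -> bytes:
    """Constructed minimal PE-looking header (MZ, e_lfanew=0x40, PE signature)."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)


FAKE_JPEG = b"\xff\xd8\xff\xe0" + bytes(0x7C)  # constructed: JPEG magic followed by padding
```

A real payload would also need the reversed buffer scanned with the usual PE sanity checks (section table, import directory) before acting on the verdict; the header check above is the cheap first filter.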

Although the site originally used to distribute this malware has now been taken down, experts warn that nothing prevents the criminals from registering a new domain and restarting the campaign, or even running more than one page dedicated to this data-theft operation.

Unfortunately, this is not the only current threat. As reported by BleepingComputer, cybercriminals are also abusing legitimate Windows 11 update clients to execute malicious code on some previously compromised systems.


For our part, we urge you to pay attention whenever you have to download a file, and to follow our recommendations to stay safe online.

Brian Adam
Professional Blogger, V logger, traveler and explorer of new horizons.


