Security researchers have found a fake Windows 11 upgrade website that promises to offer free Windows 11 installation for PCs that don’t meet minimum specifications, but actually installs data-stealing malware.
Windows 11 has some…interesting…requirements, the best known of which is support for Trusted Platform Module (TPM) version 2.0. This left fully capable and powerful PCs and laptops unable to upgrade to Windows 11 because they failed to meet the minimum specifications.
Naturally, this annoyed people with relatively new hardware that couldn’t upgrade to the latest version of Windows, and many looked for ways around the TPM 2.0 requirement to install Windows 11 on their unsupported devices.
These are the people this new threat is targeting, as Bleeping Computer reports.
While the website address (URL) should be a red flag (we won’t mention it here), since it’s clearly not a Microsoft website, the website itself looks like an official Microsoft website, using logos and illustrations that make it difficult to tell it apart from a real Microsoft page.
However, as CloudSEK security researchers discovered by clicking the “Download Now” button, the website downloads an ISO file containing malware.
This malware, called ‘Inno Stealer’, uses part of the Windows installer to create temporary files on an infected PC. These create processes that run and place four additional files on your PC, some of which contain scripts that disable various security features, including in the Windows Registry. They also change the built-in Windows Defender Antivirus and remove other security products from Emsisoft and ESET.
Other files then execute commands with the highest system privileges, while another file is created in the C:\Users\\AppData\Roaming\Windows11InstallationAssistant folder, and it is this file that contains the code for data theft, named Windows11InstallationAssistant.scr. This then takes information from web browsers, as well as cryptocurrency wallets, stored passwords, and files from the PC itself. This stolen data is then sent to the malicious users who created the malware.
Pretty nasty stuff.
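A quick way to check a machine for the drop location described above, as an added example that is not from CloudSEK, Bleeping Computer or the original article. The folder and file names are the ones quoted in the article; the function name and output fields are illustrative, and the script should be run from an elevated PowerShell prompt so it can read every user's profile.

```powershell
# Added example: look in every local user profile for the folder and .scr
# file the article names. Function name and output fields are illustrative.
function Find-FakeWin11Assistant {
    param(
        # Profile roots to inspect; defaults to all non-system local profiles.
        [string[]]$ProfilePath = (Get-CimInstance -ClassName Win32_UserProfile |
            Where-Object { -not $_.Special } |
            Select-Object -ExpandProperty LocalPath)
    )

    foreach ($root in $ProfilePath) {
        $dir = Join-Path $root 'AppData\Roaming\Windows11InstallationAssistant'
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        $files = Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue
        if (-not $files) {
            # The folder alone is worth reporting even if the payload is gone.
            [pscustomobject]@{
                Profile = $root; Path = $dir; IsPayloadName = $false
                SHA256 = $null; Signature = $null
            }
            continue
        }

        foreach ($f in $files) {
            [pscustomobject]@{
                Profile       = $root
                Path          = $f.FullName
                # The article names this file as the data-stealing component.
                IsPayloadName = ($f.Name -ieq 'Windows11InstallationAssistant.scr')
                # Hash and signature status give an analyst something to pivot on.
                SHA256        = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
                Signature     = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
            }
        }
    }
}

Find-FakeWin11Assistant | Format-List
```

No output means the folder was not found in any profile. Because the article describes the malware disabling Defender and removing other security products, a hit should be followed by a review of the machine's security tooling and a reset of any credentials stored in its browsers.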
Analysis: Be careful what you wish for
The scale of the infection here, and what it’s capable of stealing from you, is very frightening, but the good news is that it’s easy to avoid.
No matter how desperate you are to install Windows 11, you should only download ISO files from sources that you are absolutely sure are legitimate. Although the creators of this malware have gone to great lengths to make the website look legitimate (like many so-called “phishing” attacks), there are telltale signs, such as the aforementioned URL, which shows that this is not a genuine Microsoft website.
If your PC is eligible for an upgrade to Windows 11, you will be alerted through Windows Update, a tool built into Windows operating systems. It’s the safest way to make sure you’re downloading and installing a genuine copy of Windows 11.
If your PC isn’t eligible because it doesn’t meet the TPM 2.0 requirements, there are safer ways to install Windows 11 without a TPM anyway. But we really don’t recommend any of them, especially since Microsoft is making it harder to run Windows 11 on unsupported systems, which could mean you miss important updates, bug fixes, security and functionality in the future.
But above all, you should never try to download and install a Windows 11 ISO file from a website that is not managed by Microsoft itself.