Windows 11 is Microsoft’s latest operating system and PC users should download it as soon as possible. But how do you know your download is legitimate?

Over the last few months, users of Windows 10 will have been prompted to upgrade their operating system to Windows 11. As the upgrade is free, it makes sense to take advantage of this. Not only are there new features and functionality, but there is also an enhanced level of security when running Windows 11. However, not everyone has taken the step of downloading and installing this new version of Windows. As a result of this hesitance, hackers have decided to throw their hat into the ring by setting up a malicious website which promises Windows 11, but delivers malware.

Malicious Promises

The malicious website at the center of the story was ‘windows-upgraded.com’ and, thankfully, it has now been deactivated. Nonetheless, it was live for some time and had the capacity to cause damage to any IT systems it managed to infect. Therefore, we’re going to look at how it operated and the tell-tale signs you need to look for.

By creating a genuine looking website, which used Microsoft’s trademark presentation style, the hackers were able to convince visitors that it was legitimate. A large “download now” button was prominently placed and, when clicked, it would appear to be downloading the Windows 11 upgrade files. However, while the file being downloaded was named ‘Windows11InstallationAssistant.exe’, the true identity of the download was very different.

Visitors who had gone through with the download would actually be downloading a malware tool known as RedLine Stealer. This piece of malware is a classic data thief and, as such, targets sensitive data including login credentials, credit card details and cryptocurrency data. All three of these data types have the potential to cause major damage when they fall into the wrong hands, so the ‘windows-upgraded’ website was considered a significant threat.

The link to this website was spread by several different campaigns. Spam emails, forum posts and instant messaging systems were all used to point potential victims towards ‘windows-upgraded.com’ and, as with all malware campaigns, the hackers knew that a small percentage would click the infected links without investigating further.

Protecting Your PC from Malicious Websites

Although the ‘windows-upgraded.com’ website has now been closed, it’s likely that similar websites will soon be set up to replace it. And, again, people will fall victim to it. But you don’t have to see the security of your data be compromised. By following the advice below, you should be able to remain safe:

  • Always Use Official Upgrades: if, for example, you are upgrading a Microsoft product, you need to make sure it’s an official upgrade. A new version of Windows will only be available through an official Microsoft website or the ‘check for updates’ section of Windows. Other sources may look genuine, but it’s likely their offerings are far from legitimate.
  • Check Suspicious Links: all links need to be double checked to make sure they are genuine. While a link may look as though it’s taking you, for example, to an official Microsoft website, the data contained within that link may be sending you somewhere else. But, if you hover your mouse cursor over a link, a popup window will display the true location of the link. Alternatively, if you are suspicious of a link, you can always copy and paste it into a Google search to identify any stories relating to its security credentials.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More