Fake Win11 upgrade installs malware

For discussions about security.
tosim
Posts: 501
Joined: Thu Jul 23, 2020 1:13 pm
Has thanked: 950 times
Been thanked: 71 times

Fake Win11 upgrade installs malware

Post by tosim »

By Joshua Hawkins, April 19th, 2022 at 4:22 PM

An unofficial Windows 11 upgrade is making the rounds. Users looking to upgrade their PC from Windows 10 to Windows 11 will want to keep an eye out for this unofficial installer. When downloaded and activated, the installer infects the target PC with info-stealing malware.

This unofficial Windows 11 upgrade will steal your private info

BleepingComputer says the campaign is currently active, and it’s trying to “poison search results” to push users to download the infected file.

The unofficial Windows 11 upgrade is downloaded via a site that is meant to mimic Microsoft’s official website. Eagle-eyed users should note that the URL is quite different from what you’d see if visiting Microsoft’s website, though.

When users press the download button, they are given an ISO file that harbors the malware inside of it. If the user opens the ISO file, then the malware is installed, giving bad actors access to their information. A group of threat researchers at CloudSEK analyzed the malware and shared the results in a report with BleepingComputer.

CloudSEK named the malware in the unofficial Windows 11 upgrade Inno Stealer. The researchers on the project say that it doesn’t seem to have any similar code to other info-stealers out there. Additionally, they’ve found no evidence of the malware being uploaded to the Virus Total Scanning Platform, either.

How the malware infects your computer

CloudSEK says the loader file hides in the “Windows 11 setup” executable found inside of the ISO. When launched, that creates a temporary file named is-PN131.tmp. It then creates another .TMP file allowing the loader to write 3,078KB of data to your PC. The loader then spawns a new process utilizing the Windows API. Altogether, the Inno Stealer creates four different files within your system. The Inno Stealer included in the unofficial Windows 11 upgrade then targets browsers and cryptowallets. Some of the targeted items include Chrome, Opera, Brave, and Vivaldi, as well as wallet sites like wallet-backup\\, WalletWasabi, and wallet.dat. As such, it puts both your account info and cryptowallets at risk.

Because the Inno Stealer gets so much access to your information, I highly recommend avoiding unofficial Windows 11 upgrade options. We understand that many want to install Windows 11 on computers that don’t technically meet the requirements. And there are ways to get around that. But if you want to protect your data, you should only download Windows 11 using your computer’s built-in upgrade system. Or, you can always go directly to Microsoft’s website. Never download from a third-party source.
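The behaviour the pasted article describes, one process reading the data of several browsers and wallets, can be hunted for in file-access telemetry. The following is an added example, not part of the original post or of CloudSEK's report; the event format, path fragments, owner allowlist and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Target families named in the article. The path fragments are the usual
# default locations (an assumption, not values from the CloudSEK report).
TARGETS = {
    "chrome":  re.compile(r"\\google\\chrome\\user data\\", re.I),
    "opera":   re.compile(r"\\opera software\\", re.I),
    "brave":   re.compile(r"\\bravesoftware\\brave-browser\\", re.I),
    "vivaldi": re.compile(r"\\vivaldi\\user data\\", re.I),
    "wallet":  re.compile(r"\\walletwasabi\\|\\wallet-backup\\|\\wallet\.dat$", re.I),
}
# Image names expected to read their own data (assumed allowlist).
OWNERS = {"chrome.exe", "opera.exe", "brave.exe", "vivaldi.exe",
          "wassabee.exe", "bitcoin-qt.exe"}

def classify(target_path):
    """Return the target family a file path belongs to, or None."""
    for family, pattern in TARGETS.items():
        if pattern.search(target_path):
            return family
    return None

def suspicious_readers(events, min_families=2):
    """Map each non-owner process to the families it read, keeping only
    processes that touched at least `min_families` different ones."""
    seen = defaultdict(set)
    for line in events:
        image, _, target = line.strip().partition("|")
        family = classify(target)
        if family and image.rsplit("\\", 1)[-1].lower() not in OWNERS:
            seen[image].add(family)
    return {img: sorted(f) for img, f in seen.items() if len(f) >= min_families}

# Constructed file-read events, "process image|file read" (not real telemetry).
SAMPLE_EVENTS = [
    r"C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"C:\Users\a\AppData\Local\Temp\example-loader.exe|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"C:\Users\a\AppData\Local\Temp\example-loader.exe|C:\Users\a\AppData\Roaming\Opera Software\Opera Stable\Login Data",
    r"C:\Users\a\AppData\Local\Temp\example-loader.exe|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat",
    r"C:\Tools\backup.exe|C:\Users\a\AppData\Local\Vivaldi\User Data\Default\Bookmarks",
]

if __name__ == "__main__":
    for image, families in suspicious_readers(SAMPLE_EVENTS).items():
        print(f"{image} read data of: {', '.join(families)}")
```

A browser reading its own profile and a backup tool touching a single profile are not reported; only the process that reads across several unrelated applications is.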

Flash
Moderator
Posts: 1023
Joined: Tue Dec 03, 2019 3:13 pm
Location: Arizona, U.S.
Has thanked: 58 times
Been thanked: 138 times

Re: Fake Win11 upgrade installs malware

Post by Flash »

That's good to know, @tosim, but when you copy-and-paste something, it's good form to include the URL of the web page where you found it.

Chaos coordinator :?
sonny
Posts: 695
Joined: Mon Feb 15, 2021 4:50 pm
Has thanked: 449 times
Been thanked: 163 times

Re: Fake Win11 upgrade installs malware

Post by sonny »

tosim wrote: Tue Jun 20, 2023 3:22 pm

By Joshua Hawkins, April 19th, 2022 at 4:22 PM

An unofficial Windows 11 upgrade is making the rounds. Users looking to upgrade their PC from Windows 10 to Windows 11 will want to keep an eye out for this unofficial installer. When downloaded and activated, the installer infects the target PC with info-stealing malware.

This unofficial Windows 11 upgrade will steal your private info

BleepingComputer says the campaign is currently active, and it’s trying to “poison search results” to push users to download the infected file.

The unofficial Windows 11 upgrade is downloaded via a site that is meant to mimic Microsoft’s official website. Eagle-eyed users should note that the URL is quite different from what you’d see if visiting Microsoft’s website, though.

When users press the download button, they are given an ISO file that harbors the malware inside of it. If the user opens the ISO file, then the malware is installed, giving bad actors access to their information. A group of threat researchers at CloudSEK analyzed the malware and shared the results in a report with BleepingComputer.

CloudSEK named the malware in the unofficial Windows 11 upgrade Inno Stealer. The researchers on the project say that it doesn’t seem to have any similar code to other info-stealers out there. Additionally, they’ve found no evidence of the malware being uploaded to the Virus Total Scanning Platform, either.

How the malware infects your computer

CloudSEK says the loader file hides in the “Windows 11 setup” executable found inside of the ISO. When launched, that creates a temporary file named is-PN131.tmp. It then creates another .TMP file allowing the loader to write 3,078KB of data to your PC. The loader then spawns a new process utilizing the Windows API. Altogether, the Inno Stealer creates four different files within your system. The Inno Stealer included in the unofficial Windows 11 upgrade then targets browsers and cryptowallets. Some of the targeted items include Chrome, Opera, Brave, and Vivaldi, as well as wallet sites like wallet-backup\\, WalletWasabi, and wallet.dat. As such, it puts both your account info and cryptowallets at risk.

Because the Inno Stealer gets so much access to your information, I highly recommend avoiding unofficial Windows 11 upgrade options. We understand that many want to install Windows 11 on computers that don’t technically meet the requirements. And there are ways to get around that. But if you want to protect your data, you should only download Windows 11 using your computer’s built-in upgrade system. Or, you can always go directly to Microsoft’s website. Never download from a third-party source.

How to install/upgrade Windows 11 on unsupported hardware:
https://pureinfotech.com/install-window ... ported-pc/

mikewalsh
Moderator
Posts: 6528
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 996 times
Been thanked: 2173 times

Re: Fake Win11 upgrade installs malware

Post by mikewalsh »

Hah! :D

Y'know, I am SO glad I kicked Whinedoze into touch a decade ago. I have no need to put myself through all that crap..! :lol: :lol:

Mike. ;)

Tahrbaby
Posts: 121
Joined: Mon Jul 13, 2020 8:26 am
Location: London
Has thanked: 53 times
Been thanked: 18 times

Re: Fake Win11 upgrade installs malware

Post by Tahrbaby »

mikewalsh wrote: Wed Jun 21, 2023 9:52 am

Hah! :D

Y'know, I am SO glad I kicked Whinedoze into touch a decade ago. I have no need to put myself through all that crap..! :lol: :lol:

Mike. ;)

Hah...I would have done too...Just a shame that Linux can't do all Whinedoze does and probably never will !

wiak
Posts: 4311
Joined: Tue Dec 03, 2019 6:10 am
Location: Packing - big job
Has thanked: 70 times
Been thanked: 1296 times

Re: Fake Win11 upgrade installs malware

Post by wiak »

Tahrbaby wrote: Wed Jun 21, 2023 3:45 pm
mikewalsh wrote: Wed Jun 21, 2023 9:52 am

Hah! :D

Y'know, I am SO glad I kicked Whinedoze into touch a decade ago. I have no need to put myself through all that crap..! :lol: :lol:

Mike. ;)

Hah...I would have done too...Just a shame that Linux can't do all Whinedoze does and probably never will !

I'm curious about what MSwindows can do that Linux can't. I haven't used Windows for years, since I find it very limiting. Back in the early 1990s when I was in a research group, everything from MS was considered a consumer toy - all TCP/IP internet protocol dev work (which I was involved in) uses UNIX systems (Linux was in its infancy back then). Certainly, after that on home computer I did use Windows for a while and had some favourite little apps for the likes of image viewing/editing and little audio/video apps of a similar nature, but anything involving data communications (aside from windows shares, which needed samba) was better supported via Linux. So for a while I also kept WINE, but later on even my need for that disappeared. I'm guessing special apps for musicians still well-supported by MSwindows, is there a list of what you and others think MSwindows is best for that Linux can't provide nowadays?

https://www.tinylinux.info/
DOWNLOAD wd_multi for hundreds of 'distros' at your fingertips: viewtopic.php?p=99154#p99154
Is it worth translating?

mikewalsh
Moderator
Posts: 6528
Joined: Tue Dec 03, 2019 1:40 pm
Location: King's Lynn, UK
Has thanked: 996 times
Been thanked: 2173 times

Re: Fake Win11 upgrade installs malware

Post by mikewalsh »

Tahrbaby wrote: Wed Jun 21, 2023 3:45 pm
mikewalsh wrote: Wed Jun 21, 2023 9:52 am

Hah! :D

Y'know, I am SO glad I kicked Whinedoze into touch a decade ago. I have no need to put myself through all that crap..! :lol: :lol:

Mike. ;)

Hah...I would have done too...Just a shame that Linux can't do all Whinedoze does and probably never will !

Hm.....really? I've neither used - nor needed - Whinedoze for anything for around 10 years. Haven't missed it, and certainly can't complain that Linux doesn't deliver when it comes to variety/availability of software.

@wiak :- I, too, would be curious to know what Tahrbaby thinks Windows can do that Linux can't. Should be an interesting reply!

Mike. ;)

fredx181
Posts: 3386
Joined: Tue Dec 03, 2019 1:49 pm
Location: holland
Has thanked: 438 times
Been thanked: 1485 times

Re: Fake Win11 upgrade installs malware

Post by fredx181 »

Image

fr-ke
Posts: 118
Joined: Mon Nov 07, 2022 3:18 pm
Has thanked: 5 times
Been thanked: 41 times

Re: Fake Win11 upgrade installs malware

Post by fr-ke »

I've only used Windows once in the last few years.
To unlock the bootloader of a Xiaomi cell phone, I had to create an account.
After a week of waiting, I was able to download and import the activation code.
I could only do this with a forced window program.

bugnaw333
Posts: 424
Joined: Wed Jul 20, 2022 11:04 pm
Location: Cebu, Philippines
Has thanked: 629 times
Been thanked: 94 times

Re: Fake Win11 upgrade installs malware

Post by bugnaw333 »

I will only use Winbloat because of this:

https://pdsvision.com/slm/arbortext-isodraw/

It's an industry standard and runs also using Windows XP without a crash... ;)

wiak
Posts: 4311
Joined: Tue Dec 03, 2019 6:10 am
Location: Packing - big job
Has thanked: 70 times
Been thanked: 1296 times

Re: Fake Win11 upgrade installs malware

Post by wiak »

bugnaw333 wrote: Thu Jun 22, 2023 7:39 pm

I will only use Winbloat because of this:

https://pdsvision.com/slm/arbortext-isodraw/

It's an industry standard and runs also using Windows XP without a crash... ;)

Yes, that's the kind of situation that forces some users to keep using MSwindows (or at least one Windows machine in the house - can share using remote access). In other words, commercial software written only for Windows (and/or maybe Macs) that industry has adopted. Of course, MSwindows itself doesn't come with software like that - you have to pay for it big time! When we use Linux, on the other hand, we have an easy life where we don't need to worry about paying for anything - all we generally need is available free via open source. We don't worry about 'next edition' costs and problems - we just upgrade our Linux systems anytime. All we have to worry about is when our hardware becomes old and obsolete or breaks - and the state of old and obsolete takes a very long time to reach when you have adopted Linux as your solution to desktop computing.


8Geee
Posts: 376
Joined: Wed Jul 29, 2020 10:52 pm
Location: N.E. USA
Has thanked: 16 times
Been thanked: 56 times

Re: Fake Win11 upgrade installs malware

Post by 8Geee »

Linux since 2008, Puppy since 2015. "ADMIN" sent me here.

8Geee (on the way to Orange-Pi 5b w/ ARCH Linux) 8-)

Money talks... no, it shouts, so that it doesn't have to hear common sense.

Tahrbaby
Posts: 121
Joined: Mon Jul 13, 2020 8:26 am
Location: London
Has thanked: 53 times
Been thanked: 18 times

Re: Fake Win11 upgrade installs malware

Post by Tahrbaby »

mikewalsh wrote: Thu Jun 22, 2023 9:28 am
Tahrbaby wrote: Wed Jun 21, 2023 3:45 pm
mikewalsh wrote: Wed Jun 21, 2023 9:52 am

Hah! :D

Y'know, I am SO glad I kicked Whinedoze into touch a decade ago. I have no need to put myself through all that crap..! :lol: :lol:

Mike. ;)

Hah...I would have done too...Just a shame that Linux can't do all Whinedoze does and probably never will !

Hm.....really? I've neither used - nor needed - Whinedoze for anything for around 10 years. Haven't missed it, and certainly can't complain that Linux doesn't deliver when it comes to variety/availability of software.

@wiak :- I, too, would be curious to know what Tahrbaby thinks Windows can do that Linux can't. Should be an interesting reply!

Mike. ;)

iTunes for one !
Can't find anything from Linux that actually works OOTB in that department.

rockedge
Site Admin
Posts: 7037
Joined: Mon Dec 02, 2019 1:38 am
Location: Connecticut,U.S.A.
Has thanked: 3159 times
Been thanked: 2941 times

Re: Fake Win11 upgrade installs malware

Post by rockedge »

wiak wrote:

is there a list of what you and others think MSwindows is best for that Linux can't provide nowadays?

Tax software (United States) for the average user that is friendly to use.

tosim
Posts: 501
Joined: Thu Jul 23, 2020 1:13 pm
Has thanked: 950 times
Been thanked: 71 times

Re: Fake Win11 upgrade installs malware

Post by tosim »

@rockedge Have you looked into "Open Tax Solver"? I've played, a little bit, with it, but still a far cry from TurboTax.
However, for the past 2 years, 2 of my websites have offered TT through the at a slightly reduced price. You just work TT on-line,
and when it is complete, you can send it, print it, save a pdf of it.

wiak
Posts: 4311
Joined: Tue Dec 03, 2019 6:10 am
Location: Packing - big job
Has thanked: 70 times
Been thanked: 1296 times

Re: Fake Win11 upgrade installs malware

Post by wiak »

Alas, accountants controlling this really. Tied into the likes of Xero subscription-based software. That's all cloud nowadays, not OS dependent. Yes smaller book-keeping a different matter.

