Avoiding the Fake Windows 11 Upgrade: What You Need to Know
Chapter 1 Understanding the Fake Upgrade Threat
The digital landscape is rife with threats, and one of the latest scams involves a deceptive Windows 11 upgrade.
In a previous article, I discussed Redline Malware, a malicious program that compromises your stored passwords. You can find that discussion here. This malware has now been cleverly packaged within a counterfeit Windows 11 upgrade.
Recent findings from the HP Threat Research team revealed a highly convincing fraudulent website pretending to be a Microsoft Windows 11 upgrade portal.
Section 1.1 The Scam Revealed
The hackers operated through a domain called “windows-upgraded.com,” which has since been taken down. However, they may have already transitioned to new domain variants that have yet to be uncovered.
Upon visiting this site, users are greeted with a striking imitation of the genuine Microsoft web page, complete with matching fonts, colors, and images. A prominent “download” button further entices potential victims.
In reality, clicking the button triggers the download of a file named “Windows11InstallationAssistant.exe.” It is not what it seems: what actually arrives is a .DLL (Dynamic Link Library), a code library that Windows loads and executes. To make things worse, that file is camouflaged as a JPEG image, misleading users into believing it is harmless.
Subsection 1.1.1 Indicators of Compromise
HP Threat Research has provided valuable information regarding the malicious files currently associated with this scam, along with their SHA-256 hashes:

File                                                  SHA-256 hash
Windows11InstallationAssistant.zip                    4293d3f57543a41005be740db7c957d03af1a35c51515585773cedee03708e54
Windows11InstallationAssistant.exe                    b50b392ccb07ed7a5da6d2f29a870f8e947ee36c43334c46c1a8bb21dac5992c
Windows11InstallationAssistant.exe (no filler area)   7d5ed583d7efe318fdb397efc51fd0ca7c05fc2e297977efc190a5820b3ee316
Win11.jpg                                             c7bcdc6aecd2f7922140af840ac9695b1d1a04124f1b3ab1450062169edd8e48
Win11_reversed.dll                                    6b089a4f4fde031164f3467541e0183be91eee21478d1dfe4e95c4a0bb6a6578
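The two points above, the published hashes and the executable disguised as a JPEG, translate directly into a triage check a help desk can run on a suspicious download before anyone opens it. The script below is an added example written for this post; it is not code from the original article or from HP Threat Research. It embeds the five hashes exactly as listed, compares a file's SHA-256 against them, and then checks whether the file's bytes agree with its extension (a .jpg should start with the JPEG header, a PE executable starts with "MZ"). The check for a byte-reversed PE is an assumption drawn from the IoC file name "Win11_reversed.dll", not something the post states; the sample inputs are constructed and contain no real malware.

```python
"""Triage a downloaded "Windows 11 upgrade" file against the published IoCs.

Added example, not from the original post or from HP Threat Research.
Checks performed:
  1. SHA-256 of the file against the hashes listed in the post.
  2. Does the content match the extension?  A ".jpg" should start with the
     JPEG magic bytes; a PE (EXE/DLL) starts with "MZ" under a non-executable
     extension is a red flag.
  3. ASSUMPTION (from the IoC name "Win11_reversed.dll"): a PE stored
     byte-reversed ends with "ZM" instead of starting with "MZ".
"""
import hashlib
from pathlib import Path

# Hashes exactly as published in the IoC list above.
KNOWN_BAD_SHA256 = {
    "4293d3f57543a41005be740db7c957d03af1a35c51515585773cedee03708e54": "Windows11InstallationAssistant.zip",
    "b50b392ccb07ed7a5da6d2f29a870f8e947ee36c43334c46c1a8bb21dac5992c": "Windows11InstallationAssistant.exe",
    "7d5ed583d7efe318fdb397efc51fd0ca7c05fc2e297977efc190a5820b3ee316": "Windows11InstallationAssistant.exe (no filler area)",
    "c7bcdc6aecd2f7922140af840ac9695b1d1a04124f1b3ab1450062169edd8e48": "Win11.jpg",
    "6b089a4f4fde031164f3467541e0183be91eee21478d1dfe4e95c4a0bb6a6578": "Win11_reversed.dll",
}

JPEG_MAGIC = b"\xff\xd8\xff"   # first three bytes of every JPEG file
PE_MAGIC = b"MZ"               # DOS header signature of a Windows EXE/DLL


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ioc_match(data: bytes):
    """Return the published IoC file name if the SHA-256 matches, else None."""
    return KNOWN_BAD_SHA256.get(sha256_of(data))


def content_findings(name: str, data: bytes) -> list:
    """Flag mismatches between a file's extension and what its bytes say."""
    findings = []
    ext = Path(name).suffix.lower()
    if ext in (".jpg", ".jpeg") and not data.startswith(JPEG_MAGIC):
        findings.append("extension says JPEG but bytes lack the JPEG header")
    if data.startswith(PE_MAGIC) and ext not in (".exe", ".dll"):
        findings.append("PE executable header (MZ) under a non-executable extension")
    # Assumption (from the IoC name Win11_reversed.dll): a byte-reversed PE
    # ends with "ZM". Only flag it when the file is not already a normal PE.
    if data.endswith(PE_MAGIC[::-1]) and not data.startswith(PE_MAGIC):
        findings.append("looks like a byte-reversed PE file (ends with 'ZM')")
    return findings


def triage(name: str, data: bytes) -> dict:
    """Combine the hash lookup and the content checks into one verdict record."""
    return {
        "name": name,
        "sha256": sha256_of(data),
        "ioc": ioc_match(data),
        "findings": content_findings(name, data),
    }


def triage_path(path: str) -> dict:
    """Convenience wrapper for a file on disk (e.g. something in Downloads)."""
    p = Path(path)
    return triage(p.name, p.read_bytes())


# Constructed samples (not real malware): a minimal genuine-looking JPEG and a
# fake "image" that is really a byte-reversed PE stub carrying an image name.
SAMPLE_JPEG = JPEG_MAGIC + b"\xe0" + b"\x00" * 32
SAMPLE_REVERSED_PE = (PE_MAGIC + b"\x90" * 40)[::-1]

if __name__ == "__main__":
    for name, data in (("photo.jpg", SAMPLE_JPEG), ("Win11.jpg", SAMPLE_REVERSED_PE)):
        r = triage(name, data)
        print(name, "|", r["ioc"] or "no IoC hash match", "|", r["findings"])
```

Run it against a file with `triage_path(r"C:\Users\<user>\Downloads\Windows11InstallationAssistant.exe")` (path is a placeholder). A hash hit is conclusive for the samples HP catalogued; the content checks are what catch the next repackaged variant whose hash is not yet on any list, which is exactly the gap the post warns about with the untracked domain variants.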
Section 1.2 The Payload
As I mentioned earlier, this is Redline Malware repackaged. Once it infiltrates your system, it methodically extracts your passwords, cookies, saved payment details, and even cryptocurrency wallet information if applicable.
The strict hardware requirements set by Microsoft for Windows 11 have inadvertently exacerbated this issue. Many Windows 10 machines are not officially supported for the upgrade, creating a lucrative opportunity for malicious actors to prey on users eager to upgrade.
Chapter 2 Safeguarding Against Fake Upgrades
The first video presents a real-time look at the Windows 11 update process, highlighting the potential pitfalls of fake upgrades.
The second video provides a step-by-step guide for installing Windows 11, emphasizing the importance of avoiding counterfeit versions.
What can you do?
If your hardware indicates incompatibility with Windows 11 via official channels, it's best to consult with your IT provider or continue using Windows 10.
Ensure that your IT team has incorporated zero-trust measures to help prevent the installation of fake upgrades. This strategy has already protected one of my clients from this serious threat. However, remember that no protection method is infallible; continuous oversight is essential.
I plan to send this blog post to all my clients with straightforward instructions. Moving forward, any existing machine should not accept the Windows 11 upgrade without prior approval from my organization after a thorough visual check.
Closing Note
I have been utilizing Windows 11 for several months now, both in beta and in its official release. Unless you have a specific need for Windows 11 that isn’t met by Windows 10, my advice is to stick with Windows 10 until Microsoft enforces the upgrade.
Creating these articles requires significant time and research. If you appreciate my insights, please consider following me and giving a clap. Thank you!