Cybercriminals persuade unsuspecting users to install a fake upgrade to Windows 11, which in fact, copies malware into the system that steals data from the browser and information about cryptocurrency wallets.
The attackers’ campaign is currently active, so you should be especially vigilant about offers to upgrade the OS to Windows 11. Fraudsters promote their sites by copying the official Microsoft web page through search results.
As you know, a corporation from Redmond offers users a unique tool that will help you check your computer’s compatibility with the latest version of the operating system. The only condition to run this tool is to have Trusted Platform Module (TPM) version 2.0 installed on computers no older than four years.
The cybercriminals behind the fake upgrade are counting on potential victims not to bother with the requirements of Windows 11 but go straight to installing it. When writing, the malicious site was still functioning, and users could be misled by logos, the favicon icon, and the “download now” button.
By the way, this mentioned button does not work for those who sit through TOR or VPN. Instead, ordinary visitors receive an ISO file containing the info-stealer executable file. CloudSEK researchers named this malware “Inno-Stealer”.
Having made its way into the victim’s system, the malware begins collecting information from popular applications, including Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser, and Comodo browsers. Inno Stealer is also interested in the data of cryptocurrency wallets.
In addition, the info-stealer can launch additional malicious programs, but it does so only at night so as not to arouse the user’s suspicions. Inno Stealer may well pull information from the clipboard or replace it.