Hackers forged a Windows 11 upgrade website to trick users into downloading a virus

forged Windows 11 upgrade website
The Inno Stealer's infection chain (CloudSEK)

After Microsoft launched Windows 11, it attracted the attention of many users and set off an upgrade boom. Hackers naturally did not miss this opportunity to spread malware: at that time they built phishing websites to lure users into clicking, and when users downloaded the so-called upgrade program as prompted, what they actually received was a virus.

Unexpectedly, such phishing websites have begun to appear again. The security company CloudSEK found during its routine monitoring that fake Windows 11 upgrade websites are live once more. Both the domain name and the content of the site are fake, and of course what is downloaded is the virus, which is essentially the same as the phishing website that appeared before.

Although the routine is similar, the new virus that appears this time is very rich in functions. After running, it drops multiple modules that perform specific tasks in different categories. For example, there are modules that create scripts to disable Registry security, add Defender exclusions, uninstall security products, and delete shadow volume copies.

The purpose is to steal the user's cryptocurrency: the hackers hijack browsers and cryptocurrency wallets to steal the keys. Common browsers such as Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser and Comodo will be hijacked.
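The modules listed above leave side effects an administrator can look for. The following PowerShell audit is an added example, not code from the article or from CloudSEK; it is read-only, uses standard Microsoft Defender cmdlets, the Win32_ShadowCopy and SecurityCenter2 WMI classes, and the Defender operational log event IDs 5001 (real-time protection disabled) and 5007 (configuration changed). The policy value and the seven-day window are choices of this example.

```powershell
# Added example (not from the article or CloudSEK): audit a Windows host for the
# post-infection side effects the article names. Read-only; run elevated.

function Get-DefenderTamperFindings {
    $findings = @()

    # 1. Exclusions: a stealer typically excludes its own drop folder or process.
    $pref = Get-MpPreference
    foreach ($p in @($pref.ExclusionPath))      { if ($p)    { $findings += "Defender path exclusion present: $p" } }
    foreach ($e in @($pref.ExclusionExtension)) { if ($e)    { $findings += "Defender extension exclusion present: $e" } }
    foreach ($x in @($pref.ExclusionProcess))   { if ($x)    { $findings += "Defender process exclusion present: $x" } }

    # 2. Protection state: real-time or tamper protection switched off.
    $status = Get-MpComputerStatus
    if (-not $status.RealTimeProtectionEnabled) { $findings += "Real-time protection is disabled" }
    if (-not $status.IsTamperProtected)        { $findings += "Tamper protection is off" }

    # 3. Registry policy a 'disable Defender' script commonly writes (example check).
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    if ($pol -and $pol.DisableAntiSpyware -eq 1) { $findings += "Policy DisableAntiSpyware=1 set in $polKey" }

    # 4. Shadow copies: their deletion removes the easiest local recovery path.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    if ($shadows.Count -eq 0) { $findings += "No volume shadow copies exist (verify they were not deleted)" }

    # 5. Registered security products (client SKUs only), to spot an uninstalled AV.
    $av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($av.Count -eq 0) { $findings += "No antivirus product registered in Security Center" }

    # 6. Recent Defender events: 5001 = real-time protection disabled, 5007 = configuration changed.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        $firstLine = ($ev.Message -split "`n")[0]
        $findings += ("Defender event {0} at {1}: {2}" -f $ev.Id, $ev.TimeCreated, $firstLine)
    }

    return $findings
}

$result = Get-DefenderTamperFindings
if ($result.Count -eq 0) { Write-Output "No tamper indicators found." }
else { $result | ForEach-Object { Write-Output $_ } }
```

None of these findings proves an infection on its own (administrators add exclusions legitimately, and shadow copies are absent on fresh installs), but several of them appearing together shortly after a user ran an "upgrade" from an unfamiliar site is the pattern worth escalating.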


To upgrade the system, the built-in Windows Update check is preferred. If that cannot perform the upgrade, you can also use the official Installation Assistant provided by Microsoft. Users are advised not to search for such downloads through search engines, because it is easy to land on junk sites or phishing websites, and some phishing websites are hard for users to distinguish from the real thing.
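Because a fake site can look identical to the real one, the decisive check is on the file itself rather than the page. The PowerShell function below is an added example, not from the article: it reads the file's Mark-of-the-Web stream (to see which host the browser recorded as the source), verifies the Authenticode signature chain with Get-AuthenticodeSignature, and reports whether the signer subject names Microsoft. The file path at the bottom is a placeholder to substitute with the actual download.

```powershell
# Added example (not from the article): check a downloaded installer before running it.
function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return "MISSING: $Path" }

    # Mark-of-the-Web: browsers store the download source in the Zone.Identifier stream.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $sourceUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    # Signature status covers chain trust and hash match; the subject match is an extra sanity check.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $isMicrosoft = $subject -match 'O=Microsoft Corporation'

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer     = $subject
        SignedByMS = ($sig.Status -eq 'Valid' -and $isMicrosoft)
        SourceUrl  = $sourceUrl
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Placeholder path: replace with the file you actually downloaded.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\Windows11InstallationAssistant.exe"
```

A genuine Microsoft installer shows Status Valid and a Microsoft signer; NotSigned, HashMismatch, or a valid signature from an unrelated organisation means the file should not be run regardless of how convincing the download page looked.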