Fake Microsoft Site Distributes Bogus Windows 11

By John Lister

Security experts have reminded users to take extra care when sourcing installation files for Windows 11. A look-alike "Microsoft" site was in fact distributing information-stealing malware.

Normally such scams mainly catch people who are either trying to get around paying for software or trying to get early access without going through official test programs. That's not quite the case with Windows 11, where people running "incompatible" machines can still upgrade by downloading official files and creating a USB installer, so they have a reason to go looking for the files themselves.

When those people came looking for Windows 11 files, scammers were waiting for them. HP has detailed a scam hosted at the address windows-upgraded.com. Apart from the address, everything on the site was an exact copy of the official Microsoft Windows 11 web page.

Highly Compressed Booby-trap

Everything, that is, except for what users got when they clicked the "Download Now" button. Instead of the genuine upgrade installer, they got a ZIP archive called "Windows11InstallationAssistant.zip". (Source: pcworld.com)

The scammers even made life convenient for people on slow connections: the ZIP file was a mere 1.5 MB. Its main content was an executable called Windows11InstallationAssistant.exe, which unzipped to 751 MB.

That huge compression ratio was possible because most of the supposed installation file was meaningless filler added purely to inflate its size. HP believes that serves two purposes: a file of several hundred megabytes looks more like a real operating system installer to victims, and it is large enough to exceed the file-size limits that stop some security tools from scanning a file automatically. (Source: hp.com)

Passwords Targeted

As you may have guessed, running the executable didn't install Windows 11. Instead it downloaded a file that appeared to be a harmless JPG image. That file was not an image at all: the executable loaded its contents as code, and that code was the malware known as RedLine Stealer.
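The checks a practitioner would run on such a download before executing it, covering both the oversized-but-tiny ZIP described above and the "image" that is really code, as an added example that is not part of the original article or of HP's analysis. The thresholds, the file names (other than the ZIP and EXE names the article gives) and the PE-shaped sample blobs are constructed assumptions; nothing here is a sample from the real campaign.

```python
"""Offline triage of a downloaded "installer" before anyone runs it.

Added example, not code from the article or from HP's analysis. Three cheap
checks that would have flagged the artifact described above: a ZIP that
expands far beyond its own size, a PE whose section table ends long before
the file does (a low-entropy filler "overlay"), and a file whose extension
claims an image but whose bytes are not one. Thresholds and samples are
constructed assumptions, not measurements of the real campaign.
"""
import io
import math
import struct
import zipfile
from collections import Counter

ZIP_MAGIC = b"PK\x03\x04"
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG",
         "exe": b"MZ", "dll": b"MZ", "zip": ZIP_MAGIC}   # assumed lookup table

def shannon_entropy(data):
    """Bits per byte: 0.0 for a run of one value, close to 8.0 for random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def zip_expansion_ratio(zip_bytes):
    """Total uncompressed member size divided by the archive size."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sum(i.file_size for i in zf.infolist()) / max(len(zip_bytes), 1)

def pe_overlay(pe):
    """Bytes after the last section's raw data per the PE headers; None if not a PE."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    table = e_lfanew + 24 + struct.unpack_from("<H", pe, e_lfanew + 20)[0]  # + SizeOfOptionalHeader
    end = table + num_sections * 40                       # section headers are 40 bytes each
    for off in range(table, end, 40):
        if off + 40 > len(pe):
            return None
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return pe[end:]

def extension_matches_content(name, data):
    sig = MAGIC.get(name.rsplit(".", 1)[-1].lower())
    return sig is None or data.startswith(sig)

def triage(name, data, max_ratio=50.0, max_overlay_frac=0.5, min_entropy=1.0, depth=0):
    """Return (filename, finding) pairs; an empty list means nothing stood out."""
    findings = []
    if not extension_matches_content(name, data):
        findings.append((name, "extension_mismatch"))
    if data.startswith(ZIP_MAGIC):
        if zip_expansion_ratio(data) > max_ratio:
            findings.append((name, "zip_expansion"))
        if depth < 2:  # inspect members, but bound recursion into nested archives
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    findings += triage(info.filename, zf.read(info), max_ratio,
                                       max_overlay_frac, min_entropy, depth + 1)
    overlay = pe_overlay(data)
    if overlay and len(overlay) > max_overlay_frac * len(data) and shannon_entropy(overlay) < min_entropy:
        findings.append((name, "low_entropy_overlay"))
    return findings

# Constructed samples: PE-shaped blobs with valid headers, not loadable binaries.
def build_fake_pe(overlay):
    """One-section PE skeleton: headers, 0x200 bytes of varied 'code', then overlay."""
    e_lfanew, raw_ptr, raw_size = 0x40, 0x200, 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x22)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", raw_size, 0x1000, raw_size,
                                            raw_ptr, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + section).ljust(raw_ptr, b"\0") + bytes(range(256)) * 2 + overlay

def make_zip(name, payload):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

CLEAN_EXE = build_fake_pe(b"")
PADDED_EXE = build_fake_pe(b"\0" * (1 << 20))   # 1 MiB of filler behind 1 KiB of real content
BOGUS_ZIP = make_zip("Windows11InstallationAssistant.exe", PADDED_EXE)

if __name__ == "__main__":
    for fname, blob in [("Windows11InstallationAssistant.zip", BOGUS_ZIP),
                        ("genuine.exe", CLEAN_EXE), ("picture.jpg", CLEAN_EXE)]:
        print(fname, triage(fname, blob) or "no findings")
```

The overlay check is the interesting one: a PE file's section table states exactly where its real contents end, so anything after that point that is also near-zero entropy is filler rather than an embedded resource or a signature, and a file that is mostly filler is far more likely to be padded for evasion than to be a genuine installer. The constructed ZIP reproduces the article's pattern in miniature: 1 MiB of content in an archive of a few kilobytes, far beyond the assumed ratio of 50. On Windows itself the first check should still be the signature: Get-AuthenticodeSignature in PowerShell reports whether an installer carries a valid Microsoft signature, which a padded look-alike will not.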

As the name suggests, this is extremely bad news: it not only collects and passes on details about the computer, but also hunts for stored passwords and sensitive financial information on it.

The best advice is to think twice about the source of any downloaded software and, wherever possible, to visit the software developer's site directly rather than following links from search engine results.

What's Your Opinion?

Where do you usually source software? Are you happy to rely on Microsoft's automatic update tools? What steps do you take to verify files before running them?



lgitschlag_3159 wrote:

Since I don't know the names of any software developers, I'm stuck using a search engine whose results I can't trust?
What a predicament.

hricjd_15677 wrote:

First I would have been suspicious of Microsoft downloading a zip file for a Windows install. Going outside of the normal Windows install would have set off alarms with me. That being said, why is Microsoft off the hook for not hunting down and preventing fake sites? When I walk into Walmart or Target I expect it to be an official company. The same applies to the web. As noted in the article, the look and feel of the website was identical to the real site. This is an integrity issue not only for Microsoft. It is an integrity issue for the entire web computing ecosphere. And it is obvious no one is policing this integrity. The other issue this highlights is the trust and verification issue for installing any executable on our computing devices. Any software installed should be part of a dual verification process. Installing software should include a certificate of authenticity, and the computing device should independently verify the certificate of authenticity as part of the installation. Software installation is not the same as changing an air filter or a set of brakes. Software can contain malware. It should never be installed unless the installation process on the target computing device certifies the software is authentic and safe.

Chief wrote:

You answered your own question.

"When I walk into Walmart or Target I expect it to be an official company."

Obviously, if you go to Microsoft, you're not expecting Home Advisor!

Getting rid of bogus websites takes time and energy - don't expect the real sites to "get rid of them" instantly.

Caveat Emptor!