Security analysts at HP have identified a new scam that puts users of Microsoft's newest operating system at risk. According to information provided by the experts, a fake Windows 11 update is reportedly infecting several devices with malware capable of stealing passwords and information.
Called RedLine, the malware is known to steal users' sensitive information such as passwords, emails, bank details, credit cards and cryptocurrency wallets. Its use in scams involving Windows 11 updates was identified for the first time on January 27th, the date on which Microsoft released a major update to the operating system.
How it works

To trick users, the criminals created a fake website with the domain “windows-upgraded.com”. Users who accessed the address saw a page very similar to Microsoft's official website. On it, a “Download Now” button invited visitors to get a supposed Installation Assistant for Windows 11. When it was clicked, a file named “Windows11InstallationAssistant.zip”, 1.5 MB in size, was downloaded to the computer.
Unzipping it gave the user a folder of about 700 MB with an executable inside. When the user clicked the executable, a PowerShell process was launched, followed by a cmd.exe command-line process. Then a file with a .jpg extension appeared on the device. A modified DLL file was hidden inside it to make detection by security software more difficult. Once initialized, the DLL file, which was actually the RedLine malware, connected to a command and control server to receive further instructions from the criminals responsible for the attack.
Familiar malware

Despite the new tactic used by the criminals, RedLine has been around for a long time. Widely marketed in forums and online communities, the malware operates in a way that makes the work of security software difficult. Because the DLL's content is stored in reverse order, reading the file becomes almost impossible for antivirus software.
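A triage check for the disguise described above, added here as an example (not code from HP or PCWorld): it flags a file that carries an image name but whose bytes, read back to front, form a Windows PE/DLL. It assumes "reverse order" means the whole file is byte-reversed; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

JPEG_MAGIC = b"\xff\xd8\xff"

def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def is_dll(data: bytes) -> bool:
    """Test IMAGE_FILE_DLL (0x2000) in the COFF Characteristics field."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    off = e_lfanew + 4 + 18  # PE signature, then Characteristics at COFF +18
    if len(data) < off + 2:
        return False
    (characteristics,) = struct.unpack_from("<H", data, off)
    return bool(characteristics & 0x2000)

def classify_image_file(data: bytes) -> str:
    """Classify the content of a file that claims to be an image."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if looks_like_pe(data):
        return "pe"  # executable with an image name, not reversed
    rev = data[::-1]  # assumption: payload is reversed end to end
    if looks_like_pe(rev):
        return "reversed-dll" if is_dll(rev) else "reversed-pe"
    return "unknown"

def constructed_pe(dll: bool) -> bytes:
    """Constructed sample: minimal DOS + COFF headers, no real code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    flags = 0x2102 if dll else 0x0102
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\x00\x00" + coff

if __name__ == "__main__":
    # Usage: python triage.py <directory>; reports every non-JPEG *.jpg file.
    for path in Path(sys.argv[1]).rglob("*.jpg"):
        verdict = classify_image_file(path.read_bytes())
        if verdict != "jpeg":
            print(f"{path}: {verdict}")
```
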
Experts claim that the domain was registered by a person located in Moscow. The good news is that it is no longer available, having been deactivated shortly after the first reports emerged. However, other similar sites may appear, and you need to be careful not to fall for scams that can cause damage and headaches.
It is therefore recommended that Windows updates always be installed directly through Windows Update or through Microsoft's official website. It is also important to avoid unknown links shared through apps such as WhatsApp and Discord.
Source: PCWorld.