Cybercrime has increased during the pandemic, with attacks such as phishing, ransomware, and crypto scams. In a new campaign that has come to light, a fake Windows 11 upgrade site is being used to attack victims and collect their web browser cookies and other stored credentials, as well as data from cryptocurrency wallets and the file system.
Windows 11 is the latest version of Microsoft’s desktop operating system, succeeding Windows 10. However, Microsoft has pushed out the new OS with stringent system requirements, making it difficult for users to switch to the new version. Desperate for the latest OS, several users have been looking for workarounds and ‘cracked’ files to install Windows 11, giving cyber attackers plenty of targets to prey upon.
According to security researchers at CloudSEK, the malware can steal data from web browsers and crypto wallets. The fake website engineered by the attackers used logos, fonts and a design that closely resembled Microsoft’s original upgrade site. The website has since been removed.
As per Bleeping Computer, the fake site promises users that Windows 11 can be installed even on unsupported devices. As soon as a victim clicks on the link, a malware-laden ISO file is downloaded. The researchers named the new malware ‘Inno Stealer’ because it uses the Inno Setup Windows installer.
Once the malware is installed, it starts disabling Windows security features such as Registry security and the Windows Defender antivirus, and even third-party security programs from Emsisoft and ESET.
After disabling all the security features, the malware runs a program named ‘Windows11InstallationAssistant.scr’, which contains the malicious code designed to steal all the sensitive data.
The researchers note that the malware can read information from web browsers, including stored cookies and login credentials, and can even gain access to your crypto wallet ‘seed phrase’ (password) and steal your cryptocurrency and NFTs.
The report mentions that most browsers, including Chrome, Edge, Opera, Vivaldi, Comodo, Brave and Torch, are vulnerable to the Inno Stealer malware, with the exception of Mozilla Firefox.
The researchers recommend that users download ISO files only from Microsoft’s official website. Major OS upgrades should be performed only from within your Windows 10 control panel, or with installation files obtained straight from the source.
Meanwhile, an FBI report said that 2021 was an exceptionally bad year for cybercrime victims, with people reportedly losing almost $7 billion to online attacks and scams.