Attackers Disguise RedLine Stealer as a Windows 11 Upgrade

Threat actors are always looking for topical lures to socially engineer victims into infecting systems. HP researchers recently analyzed one such lure, namely a fake Windows 11 installer. On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, HP researchers noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer. The domain caught the researcher's attention because it was newly registered, imitated a legitimate brand and took advantage of a recent announcment. The threat actor used this domain to distribute RedLine Stealer, an information stealing malware family that is widely advertised for sale within underground forums.