Malware that looks like the Windows 11 installer and is hosted on Discord

If you are looking for a way around Microsoft’s Windows 11 system requirements, read this before visiting a random website and downloading an installer. As was to be expected, scammers have already put a fake Windows 11 installer online and are infecting users’ computers with malware as they try to install the new operating system.

HP’s threat research team recently investigated a website with the domain name windows-upgraded[dot]com and discovered that it was attempting to distribute RedLine Stealer, a piece of malware with the goal of stealing user information.

According to the screenshot provided by HP (do not visit the site yourself), the website is a near-exact replica of Microsoft’s own Windows 11 download page. The difference is that, beneath the “Get Windows 11” banner, the “Download Now” button points users to a malware installer stored on Discord’s content delivery network (CDN).

The installer is called Windows11InstallationAssistant.zip, and it is only 1.5MB in size when compressed. It consists of six Windows dynamic link libraries (DLLs), an XML file, and a portable executable file. Once uncompressed, the archive expands to 753MB, which is itself a hint of its bad intentions.

Because the zip file is just 1.5 MB when compressed, it has an unusually high compression ratio of 99.8 percent, according to HP’s research team. “This is a significant increase over the average zip compression ratio for executables, which is 47 percent on average. In order to achieve such a high compression ratio, it is likely that the executable contains padding that is particularly compressible in nature. It’s easy to see this padding when looking at it in a code editor.”

The padding appears as a long run of 0x30 bytes and has no effect on the functioning of the file. HP explained that attackers use such padding to inflate the file size so that anti-virus software, which may skip files above a certain size, does not attempt to scan the whole file.
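The two indicators HP describes, an abnormally high compression ratio and a long run of a single byte value, can be checked automatically on any archive before it is opened. The following Python is an added example (not HP’s or the author’s code) that builds a constructed zip containing a small fake executable padded with 0x30 bytes, then flags any entry whose ratio exceeds an assumed threshold and whose longest single-byte run is at least 1 MiB; the thresholds and the entry name `installer.exe` are assumptions, not values from the report.

```python
import io
import re
import zipfile

PADDING_BYTE = 0x30   # the byte value HP observed in the padding
HIGH_RATIO = 0.90     # assumed alert threshold; HP cites 99.8% vs ~47% typical for executables
MIN_RUN = 1 << 20     # assumed: flag a run of one repeated byte of 1 MiB or more

def build_sample_zip(payload_size=512, pad_size=4 * 1024 * 1024):
    """Constructed test archive: a tiny fake PE followed by 0x30 padding, plus an XML file."""
    fake_pe = b"MZ" + bytes(range(256)) * (payload_size // 256)
    padded = fake_pe + bytes([PADDING_BYTE]) * pad_size
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("installer.exe", padded)       # assumed name for the padded executable
        zf.writestr("config.xml", b"<config/>")    # small, normally compressing entry
    return buf.getvalue()

def longest_single_byte_run(data):
    """Return (byte_value, run_length) of the longest run of one repeated byte."""
    best = None
    for m in re.finditer(rb"(.)\1*", data, re.DOTALL):
        if best is None or m.end() - m.start() > best.end() - best.start():
            best = m
    if best is None:
        return None, 0
    return best.group(1)[0], best.end() - best.start()

def analyze_zip(zip_bytes):
    """Per entry: compression ratio and longest byte run, with a suspicious flag."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.file_size == 0:
                continue
            # ratio = fraction of the original size saved by compression
            ratio = 1 - info.compress_size / info.file_size
            run_byte, run_len = longest_single_byte_run(zf.read(info))
            findings.append({
                "name": info.filename,
                "ratio": round(ratio, 4),
                "run_byte": run_byte,
                "run_len": run_len,
                "suspicious": ratio >= HIGH_RATIO and run_len >= MIN_RUN,
            })
    return findings

if __name__ == "__main__":
    for f in analyze_zip(build_sample_zip()):
        print(f)
```

The padded entry reports a ratio above 0.99 and a 4 MiB run of 0x30, while the XML entry is not flagged; the same checks run unchanged against a real archive read from disk.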

Upon execution of the file, the malware known as RedLine Stealer is downloaded and executed, with the goal of stealing user information, passwords, credit card data, and cryptocurrency wallets. Once this is accomplished, it will attempt to phone home to a certain IP address and provide this information to the attackers.


According to HP, this threat is comparable to another the company investigated in 2021. Attackers used a similar spoofing approach to set up a Discord lookalike page under a closely similar but misspelled domain name, in order to deceive users into downloading a harmful installer that looked and behaved as if it came from Discord. HP reports that the DNS servers, malware, and domain registrar used in that attack were the same as those used in the Windows 11 attack.

When it comes to Windows 11, there are several ways to download it safely. Microsoft is rolling out the new operating system, which was announced in October, to compatible PCs in stages. That said, not every PC will be able to run Windows 11, because of the operating system’s security-based hardware requirements.

For those in this situation, with an older CPU that is not compatible with Windows 11, we do not recommend scouring the internet for a Windows 11 ISO or installer file. The alternatives are downloading and installing Windows 11 through Microsoft’s official download website, or using a Windows 11 ISO or installation media. There is a caveat, however: on unsupported hardware Microsoft cannot ensure that you will receive crucial security updates, and you may be left with an insecure version of the operating system.

Therefore, the safest course of action is to wait until you can upgrade your hardware. Windows 11 is not much of a shift from Windows 10, so by staying put you will be missing out on little other than rounded corners. Even DirectStorage, one of the most anticipated gaming features in Windows 11, is expected to arrive on Windows 10 as well.


Discord as both host and victim of malware

Last year, the security company Sophos warned that Discord had become a breeding ground for malware. According to the company’s data at the time, 4 percent of TLS-protected malware downloads originated from Discord, which gives bad actors a platform to upload files and share them with others. Because of the platform’s popularity among gamers, they are seen as prime targets for malware on the service.

Discord is not the only platform capable of hosting malicious files; any platform that hosts user-generated content is open to abuse. Unfortunately, Discord, the popular VoIP service, has grown in popularity and scope to the point that it has become a target both for attackers trying to abuse its millions of users and for those looking to exploit its content delivery network (CDN) to host malware files.

Recently, security experts at RiskIQ, which is owned by Microsoft, detailed how Discord’s content delivery network (CDN) can and has been used to host numerous sorts of malware.

According to the research, a URL of the form hxxps://cdn.discordapp[.]com/attachments/ChannelID/AttachmentID/filename is a frequent way for attackers to get malware onto users’ systems. Once such a URL exists, an attacker can redirect a user from another, more legitimate-looking URL to the Discord-hosted malicious file.
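The URL pattern above is simple enough to triage in proxy or DNS logs. This Python is an added example (not RiskIQ’s or the author’s code) that extracts the channel ID, attachment ID and filename from Discord CDN attachment URLs found in constructed proxy log lines and flags downloads whose file extension is worth reviewing; the sample log lines and the list of extensions are assumptions, not data from the page.

```python
import re
from urllib.parse import urlsplit

# Path shape from the RiskIQ description: /attachments/ChannelID/AttachmentID/filename
ATTACHMENT_PATH = re.compile(r"^/attachments/(?P<channel>\d+)/(?P<attachment>\d+)/(?P<filename>[^/?#]+)$")
# Assumed review list: archive and executable types fetched from a file-sharing CDN
RISKY_EXT = (".zip", ".exe", ".dll", ".msi", ".scr", ".iso", ".js", ".bat")

def parse_discord_attachment(url):
    """Return channel/attachment/filename/risky for a Discord CDN attachment URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "cdn.discordapp.com":
        return None
    m = ATTACHMENT_PATH.match(parts.path)
    if not m:
        return None
    hit = m.groupdict()
    hit["risky"] = hit["filename"].lower().endswith(RISKY_EXT)
    return hit

def triage_proxy_log(lines):
    """Collect risky Discord CDN attachment downloads from proxy log lines."""
    findings = []
    for line in lines:
        for url in re.findall(r"https?://\S+", line):
            hit = parse_discord_attachment(url)
            if hit and hit["risky"]:
                hit["line"] = line
                findings.append(hit)
    return findings

# Constructed sample proxy log lines (not real traffic); IDs are made up
SAMPLE_LOG = [
    "2022-02-09T12:00:01Z src=10.0.0.5 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765432/Windows11InstallationAssistant.zip 200",
    "2022-02-09T12:00:02Z src=10.0.0.5 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765433/screenshot.png 200",
    "2022-02-09T12:00:03Z src=10.0.0.7 GET https://example.com/attachments/1/2/installer.zip 200",
]

if __name__ == "__main__":
    for finding in triage_proxy_log(SAMPLE_LOG):
        print(finding["channel"], finding["attachment"], finding["filename"])
```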

One of the most common types of malware detected by RiskIQ was malware designed to impersonate a legitimate application or download, such as the Windows 11 installer described above. In total, RiskIQ found evidence of 27 distinct malware families hosted on Discord’s content delivery network (CDN).

Furthermore, scammers recently gained control of an NFT service’s vanity URL on Discord and redirected it to their own fake Discord server, posing as the NFT service itself. The problem was that CryptoBatz changed its Discord URL without updating all of its earlier social media posts to reflect the change, and the scammers then claimed the old URL as their own. The scammers may have made as much as $40,000 from that one incident.

Security researchers do their bit by reporting these concerns to Discord, and Discord is doing everything it can to combat malware as effectively as possible. However, where one door closes, another opens. Because this has been true since the invention of the computer, we recommend following established practices and exercising caution when dealing with unauthorised websites and downloads. It now appears that some caution should be exercised while using links in Discord servers.

By Jennifer