Malware that looks like the Windows 11 installer and is hosted on Discord

If you're looking for a way to get around Microsoft's Windows 11 system requirements, don't visit a random website and download an installer. As was to be expected, scammers have already put a fake Windows 11 installer online and are infecting users' computers with malware while they attempt to install the latest operating system.

HP's threat research team recently investigated a website with the domain name windows-upgraded[dot]com and discovered that it was distributing RedLine Stealer, a piece of malware designed to steal user information.

According to a screenshot provided by HP, the website (which I do not recommend you visit yourself) is a mirror replica of Microsoft's own Windows 11 download page. The difference is that beneath the “Get Windows 11” banner, the “Download Now” button directs users to a malware installer stored on Discord's content delivery network (CDN).

The installer is called Windows11InstallationAssistant.zip, and it is only 1.5MB in size when compressed. It consists of six Windows dynamic link libraries (DLLs), an XML file, and a portable executable file. Once uncompressed, the file is 753MB in size, which is itself a hint of its bad intentions.

Because the zip file is just 1.5 MB when compressed, it has a compression ratio of 99.8 percent, which HP's research team noted is unusually high. “This is a significant increase over the average zip compression ratio for executables, which is 47 percent on average. In order to achieve such a high compression ratio, it is likely that the executable contains padding that is particularly compressible in nature. It's easy to see this padding when looking at it in a code editor.”

The padding is a long run of 0x30 bytes, and it has no effect on how the file runs. HP's assessment is that the attackers inflated the file to this size to avoid being scanned by anti-virus software, since some scanners will not attempt to scan a file at all if it is very large.
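The two observations above, an unusually high compression ratio and a huge run of a single byte, are both easy to check before anything is executed. The following is an added example (not HP's tooling and not code from the original article) that builds a constructed zip in memory containing a fake executable made of 4 KiB of random data followed by 2 MB of 0x30 padding, then applies both checks to every entry. The entry name sample_installer.exe and the thresholds are assumptions chosen for the demonstration.

```python
"""Triage checks for the padded-installer trick: compression ratio and single-byte runs."""
import io
import os
import re
import zipfile


def build_sample_zip(real_bytes: int = 4096, pad_bytes: int = 2_000_000) -> bytes:
    """Construct a sample archive (not the real malware): random data + 0x30 padding."""
    payload = os.urandom(real_bytes) + b"\x30" * pad_bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample_installer.exe", payload)   # hypothetical padded executable
        zf.writestr("config.xml", b"<config/>")        # small, ordinary entry for contrast
    return buf.getvalue()


def compression_ratios(zip_bytes: bytes) -> dict:
    """Return {name: (file_size, compress_size, ratio_percent)} for each archive entry."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.file_size == 0:
                ratio = 0.0
            else:
                ratio = 100.0 * (1 - info.compress_size / info.file_size)
            out[info.filename] = (info.file_size, info.compress_size, round(ratio, 1))
    return out


def longest_byte_run(data: bytes) -> tuple:
    """Return (byte_value, run_length) for the longest run of one repeated byte.

    The regex matches maximal runs of a single byte, so the scan is linear in len(data).
    """
    best_byte, best_len = None, 0
    for m in re.finditer(rb"(.)\1*", data, re.DOTALL):
        run = m.end() - m.start()
        if run > best_len:
            best_byte, best_len = m.group(1)[0], run
    return best_byte, best_len


def suspicious_entries(zip_bytes: bytes,
                       ratio_threshold: float = 95.0,
                       run_threshold: int = 1_000_000) -> list:
    """Flag entries that compress far better than a normal executable AND
    contain a very long run of one byte. Thresholds are assumed values for the demo."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.file_size == 0:
                continue
            ratio = 100.0 * (1 - info.compress_size / info.file_size)
            if ratio < ratio_threshold:
                continue                      # normal compressibility, nothing to see
            byte, run = longest_byte_run(zf.read(info))
            if run >= run_threshold:
                flagged.append((info.filename, round(ratio, 1), byte, run))
    return flagged


if __name__ == "__main__":
    sample = build_sample_zip()
    for name, stats in compression_ratios(sample).items():
        print(f"{name}: {stats[0]} -> {stats[1]} bytes ({stats[2]}%)")
    for name, ratio, byte, run in suspicious_entries(sample):
        print(f"SUSPICIOUS {name}: ratio {ratio}%, run of {run} x 0x{byte:02x}")
```

The check deliberately reads only entries whose ratio is already suspicious, so a large archive of ordinary executables is not fully decompressed; the byte-run scan confirms that the compressibility comes from padding rather than, say, a large embedded text resource.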

Upon execution, the file downloads and runs RedLine Stealer, which tries to steal user information, passwords, credit card data, and cryptocurrency wallets. Once it has collected this data, it attempts to phone home to a specific IP address and hand the information to the attackers.


According to HP, this threat is comparable to another that the company investigated in 2021. Attackers used a similar spoofing approach to set up a fake Discord website under a closely similar but misspelled name in order to trick users into downloading a harmful installer that looked and behaved like it came from Discord. HP reports that the DNS servers, malware, and domain registrar used in that attack were the same as those used in the Windows 11 attack.

When it comes to Windows 11, there are several ways to download it safely. Microsoft is rolling out the new operating system, which was announced in October, to compatible PCs in stages. Having said that, not every PC will be able to run Windows 11, because of the operating system's security-focused system requirements.

For those who find themselves in this situation, with an older CPU that is not compatible with Windows 11, we do not recommend scouring the internet for a Windows 11 ISO or installer file. The alternatives are to download and install Windows 11 through Microsoft's official download website, or to use a Windows 11 ISO or installation media. There is a caveat, however: Microsoft cannot guarantee that a PC installed this way will receive crucial security updates, so you may be left with an insecure version of the operating system.

Therefore, the best course of action in terms of security is to wait until you can upgrade your hardware. Windows 11 isn't much of a shift from Windows 10, so you won't be missing out on much other than rounded corners by holding off. Even DirectStorage, one of the most anticipated gaming features in Windows 11, is expected to appear on Windows 10.


Discord as both a host and a victim of malware

Last year, the security company Sophos warned that Discord had become a breeding ground for malware. According to the company's data at the time, 4 percent of TLS-protected malware downloads originated from Discord, which gives bad actors a platform to upload files and share them with others. Because the platform is so popular with gamers, they are expected to be prime targets for malware distributed through the service.

Discord is not the only platform capable of hosting malicious files; any platform that hosts user-uploaded content can be abused this way. Unfortunately, Discord, the popular VoIP service, has grown in popularity and scope to the point that it has become a target both for attackers trying to abuse its millions of users and for those looking to exploit its content delivery network (CDN) to host malware files.

Recently, security experts at RiskIQ, which is owned by Microsoft, detailed how Discord’s content delivery network (CDN) can and has been used to host numerous sorts of malware.

According to the research, URLs of the form hxxps://cdn.discordapp[.]com/attachments/ChannelID/AttachmentID/filename are a frequent way for attackers to get malware onto victims' systems. Once such a URL exists, an attacker can redirect a user from another, more legitimate-looking URL to the malicious file hosted on Discord's CDN.
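Because the attachment URL shape is so regular, a defender can flag downloads of executable or archive files from that path in proxy or DNS logs. The following is an added example (not RiskIQ's or Discord's code and not part of the original article) that parses the ChannelID/AttachmentID/filename structure from the URL and runs it over a few constructed proxy log lines; the timestamps, client addresses and numeric IDs are made up for the demonstration, and the list of risky extensions is an assumption.

```python
"""Flag Discord CDN attachment downloads with risky file types in proxy log lines."""
import os
import re
from urllib.parse import urlparse

DISCORD_CDN_HOST = "cdn.discordapp.com"
# Path shape from the research: /attachments/<ChannelID>/<AttachmentID>/<filename>
ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?#]+)$")
# Assumed set of file types worth an alert when fetched from a chat CDN.
RISKY_EXTENSIONS = {".exe", ".zip", ".dll", ".scr", ".msi", ".iso", ".js", ".vbs", ".bat", ".ps1", ".lnk"}

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2022-02-10T12:01:03Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765432/Windows11InstallationAssistant.zip 200
2022-02-10T12:01:09Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/123456789012345678/987654321098765433/screenshot.png 200
2022-02-10T12:02:44Z 10.0.0.31 GET https://www.microsoft.com/en-us/software-download/windows11 200
2022-02-10T12:03:10Z 10.0.0.45 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/update.exe?dl=1 200
2022-02-10T12:03:15Z 10.0.0.45 GET https://cdn.discordapp.com/channels/111111111111111111 200
"""


def parse_discord_attachment(url: str):
    """Return a dict describing a Discord CDN attachment URL, or None if it is not one."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or parsed.hostname != DISCORD_CDN_HOST:
        return None
    match = ATTACHMENT_RE.match(parsed.path)
    if not match:
        return None
    channel_id, attachment_id, filename = match.groups()
    ext = os.path.splitext(filename)[1].lower()
    return {
        "channel_id": channel_id,
        "attachment_id": attachment_id,
        "filename": filename,
        "risky": ext in RISKY_EXTENSIONS,
    }


def flag_log_lines(log_text: str) -> list:
    """Return one record per log line that fetched a risky attachment from Discord's CDN."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                      # malformed line; skip rather than crash
        timestamp, client, _method, url = parts[:4]
        info = parse_discord_attachment(url)
        if info and info["risky"]:
            flagged.append({"time": timestamp, "client": client, **info})
    return flagged


if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_PROXY_LOG):
        print(f"{hit['time']} {hit['client']} fetched {hit['filename']} "
              f"(channel {hit['channel_id']}, attachment {hit['attachment_id']})")
```

The parser keys on the path structure rather than on the filename alone, so renamed or double-extension files still produce a record with their channel and attachment IDs, which is what you would hand to Discord's abuse team when reporting the file.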

One of the most common categories RiskIQ found was malware disguised as a legitimate application or download, just like the Windows 11 installer described above. In total, it found evidence of 27 distinct malware kinds hosted on Discord's content delivery network (CDN).

Furthermore, scammers recently gained control of an NFT service's vanity URL on Discord and redirected it to their own fake Discord server, posing as the NFT service itself. The problem was that CryptoBatz changed its Discord URL without updating all of its earlier social media posts to reflect the change, and the scammers then claimed the old URL as their own. It's possible that the scammers made as much as $40,000 from that one incident.

Security researchers do their bit by reporting these concerns to Discord, and Discord is doing what it can to combat malware. However, where one door closes, another opens. That has been true since the invention of the computer, so we recommend following established practices and exercising caution with unofficial websites and downloads. It now appears that some caution should also be exercised with links shared in Discord servers.

By Talha Zaheer