Fake Windows 11 update websites are seen distributing malware

April 27, 2022

Since the release of Windows 11, the newest version of Windows, threat actors have used it as a lure to spread data-stealing malware that can infect users’ computers and compromise their privacy.

In this new malicious campaign, the threat actors set up a fake Windows 11 update website that baits users into updating their computers, which installs malware called Inno Stealer on their machines.

The campaign also suggests that users whose computers do not meet the minimum system requirements of Windows 11 can still update with the help of the fake update website.

Because the new Windows 11 update comes with requirements that some systems cannot meet, the hackers leveraged the situation to lure the owners of those systems with an opportunity to “update” their computers, while their actual goal was to install malware on them.

According to the experts’ investigations, the fake update website looks legitimate in appearance. On closer inspection, however, the site’s URL shows a fake Microsoft address cleverly designed to mislead people into believing that the entire site is authentic.

When a user clicks the ‘Download Now’ button, the website begins downloading an ISO file that contains the Inno Stealer malware. Once the malware is installed, it creates temporary files, which in turn spawn processes that store four additional files.

These additional files include scripts that can disable security features related to the Windows registry and Windows Defender, allowing the hackers to carry out their attacks more freely. The files can also modify the default antivirus software on the computer and delete other vital security tools.

Ultimately, the installed malicious files can run system commands at the highest privileges. This includes the data-stealing code, named Windows11InstallationAssistant[.]scr, which steals data from the victims’ browsers, stored passwords, other significant files, and crypto-wallets.

Since there are computers that do not meet the new update’s system requirements, many users will rely on other resources online. For this reason, experts strongly advise that anyone who uses a third-party website first make sure that it is safe and legitimate. There are several guides online on how to tell whether a website is a fake page built to victimise people, which users can browse through and study.

Otherwise, the safest way to install updates on your Windows device is via Microsoft’s website, especially if your computer meets the system requirements.
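
The URL inspection described above, written out as an added example (not code from the article or from the researchers it cites): it flags addresses that borrow Microsoft branding but are not hosted on a Microsoft domain. The allowlist, the function name classify_url and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this check accepts as genuinely Microsoft's.
TRUSTED_DOMAINS = ("microsoft.com", "windowsupdate.com")
# Brand words a fake "Microsoft address" borrows to look authentic.
BRAND_TOKENS = ("microsoft", "windows")

# Constructed sample URLs (reserved .test names stand in for attacker hosts).
SAMPLES = [
    "https://www.microsoft.com/software-download/windows11",
    "https://windows11-update.example.test/download",
    "https://www.microsoft.com.update.example.test/windows11",
    "https://microsoft.com@cdn.example.test/Windows11.iso",
    "http://www.microsoft.com/software-download/windows11",
]


def classify_url(url):
    """Return (verdict, reason); verdict is trusted, suspicious or unrelated."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops userinfo and port: "microsoft.com@host" yields "host".
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = (parts.username or "").lower()
    except ValueError:
        return "suspicious", "URL does not parse"
    if not host:
        return "suspicious", "no host in URL"
    # Match the whole domain or a dot-separated subdomain, never a bare suffix.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        if parts.scheme != "https":
            return "suspicious", "trusted domain without HTTPS"
        return "trusted", "host is on a trusted domain"
    for token in BRAND_TOKENS:
        if token in host or token in userinfo:
            return "suspicious", "brand word %r on untrusted host %s" % (token, host)
    return "unrelated", "no Microsoft branding in the address"


if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = classify_url(sample)
        print("%-10s %s (%s)" % (verdict, sample, reason))
```

The check only catches brand words placed on a non-Microsoft host or in the userinfo part of the address; it does not cover look-alike characters in the domain name itself.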
