Fake domains offer Windows 11 installers – but deliver malware instead

Security researchers have discovered a new collection of phishing domains offering fake Windows 11 installers that actually deliver information-stealing malware.

Cybersecurity firm Zscaler said newly registered domains appeared in April 2022 and were designed to mimic the legitimate Microsoft Windows 11 operating system download portal.

“Warez” sites, which contain pirated material, including software and games, are known to be hotbeds of malware packages, including trojans, infostealers, adware, and malicious software.

TO SEE: Microsoft warns: This botnet has new tricks to attack Linux and Windows systems

Types of pirated software are offered for free, and users who download the software usually try to avoid paying for software licenses or game content. A quick scan of active warez sites reveals lists of Windows, macOS, and Linux applications, including various Adobe ones Photoshop applications creative applications, enterprise versions of Windows software and a variety of movies and games.

However, if you take the risk of downloading, you risk exposing your computer to infection – and the same is true if you download software you trust from a suspicious web address.


Image: Zscaler

In the case documented by Zscaler, attackers distribute Vidar via phishing and social networks, including Mastodon, which are commonly used to facilitate attacks.

Mastodon is open-source decentralized software used to power self-hosted social networks. In two cases, the cyber criminals created new user accounts and saved command and control (C2) server addresses in their “Profile” sections.

In a new development, the Vidar group also opens Telegram channels with the same C2 deposited in the channel description. This allows malware implanted on vulnerable systems to retrieve the C2 configuration from these channels.

Vidar is a malicious form of malware that can spy on users and steal their data, including operating system information, browsing history, online account credentials, financial data, and various cryptocurrency wallet credentials. Vidar will also be released via the Fallout Exploit Kit.

TO SEE: Cloud Computing Security: New policies aim to protect your data from cyber attacks and security breaches

While the fake website pretends to be the official download portal, the malicious file offered is an .ISO file that hides the Vidar payload and contains Themida. A static configuration is used to access C2, but social media profiles can also be used as backup URLs.

In addition to .ISO files distributed as fake Windows 11 installers, Zscaler has also uncovered a GitHub repository storing stolen versions of Adobe Photoshop, another popular option for warez sites.

The best way to mitigate the risk of Vidar is to only download software from official, trusted domains – and not give in to the lure of free and pirated software.

“Threat actors distributing Vidar malware have demonstrated the ability to trick victims into installing the Vidar thief using themes related to the latest popular software applications,” the researchers note. “As always, users should exercise caution when downloading software applications from the Internet.”

Previous and related coverage

Do you have any advice? Get in touch securely via WhatsApp | Signal to +447713 025 499 or more to Keybase: charlie0

#Fake #domains #offer #Windows #installers #deliver #malware

Leave a Comment

Your email address will not be published.