Security experts are warning Windows users to be extremely cautious when downloading Windows 11 installation images.
It appears that a fake site has appeared that looks very similar to the original Microsoft website and is distributing bogus Windows 11 installation images which contain malware. Usually, these scams target users that are trying to avoid paying for the software or the ones who are trying to get early access to the latest versions. Fake sites usually look almost identical to the original Microsoft site except for the URL address.
The problems start with the Download Now button which redirects the users to a zip archive called “Windows11InstallationAssistant.zip” that contains bogus Windows 11 installation. Scammers have also made ZIP files for users with slow internet connections that are 1.5MB in size and contain only one executable file named Windows11InstallationAssistant.exe.
Running Windows11InstallationAssistant.exe will not start Windows 11 installation but instead will download a JPG image and run a code that will replace itself with the RedLine Stealer code. This is the same malware used to sweep users’ crypto wallets. RedLine Stealer malware is one of the most popular info stealers out there. It is capable of stealing entire identity info from browsers including saved passwords, credit card information, autocomplete forms, etc. It can also grab inventory data including username, location, hardware, and software details.
To be on the safe side, be very careful and always double-check the sources of Windows 11 installation files.