HP researchers are reporting Attackers Disguise RedLine Stealer as a Windows 11 Upgrade. Windows 10 users are being duped into downloading a fake Windows 11 installers that are being used to spread the info-stealing RedLine malware. Excerpt:
On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, we noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer.
The attackers copied the design of the legitimate Windows 11 website, except clicking on the “Download Now” button downloads a suspicious zip archive called Windows11InstallationAssistant.zip. The file was hosted on Discord’s content delivery network.