New malware infects PCs through fake Windows 11 download page

Reading time icon 3 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Attackers are desperate to fool anyone and will try to spread malware in all possible ways. After the Telegram-like malware reported last week, a new malware known as “Inno Stealer” (since it utilizes Inno Setup Windows installer) is now infecting different PC users. The malware originates from a campaign that uses a fake Windows 11 download page that installs it on machines. 

You can fall victim to this trap through poisoned search results that will lead you to the fake Windows 11 page. The problem with it is that the entirety of the posing download page seems realistic due to the downloaded images (Microsoft logos and favicons) and details from the original Windows page. This can be a dangerous place for individuals who are not knowledgeable enough about the right standards and minimum requirements of Windows 11. It also targets a broad number of browsers and crypto wallets. Bleeping Computer says that there are 35 web browsers and 39 crypto wallets being targeted by Inno Stealer.

list of web browsers targeted by Inno Stealer malware
Browsers targeted by Inno Stealer (Credits to CloudSEK via Bleeping Computer)
list of Crypto wallets targeted by Inno Stealer malware
Crypto wallets targeted by Inno Stealer (Credits to CloudSEK via Bleeping Computer)

The page presents a “Download Now” button that will invite unknowing individuals to click. When the person uses the button, the page will download and install the malicious EXE file to the PC. This malware in this campaign can be tricky as it can evade the protection and security of the Defender and even uninstall security products and perform other strategies to get into one’s machine.

After successfully infiltrating the PC, Inno Stealer will acquire web browser data, saved credentials, and cryptocurrency wallet data. This is where things will get worse as it can bring bigger damage to you in a variety of ways.

Inno Stealer is not the first malware to infect machines through fake Windows 11 download pages, and there will probably be more pieces of malware in the future that will try the same tactic. With this, it is important to be more careful of the pages you are visiting. If you plan to update your OS, make sure to have the right page and scrutinize the details. Most of all, be sure to protect your PC with powerful antivirus software with all the essential updates needed. It will also be helpful not to download ISO files from unfamiliar sources and do the upgrade inside your control panel.

User forum

0 messages