Excitement around the latest major Windows release has many loyal users eager to take the upgrade from Microsoft. As with previous Windows releases, the rollout has also created an opening for scammers, who have been busy building fake Microsoft-themed websites laced with information-stealing malware.
A report has surfaced showing that a criminal group has targeted Microsoft's Windows 11 rollout, luring unwitting users into downloading a bogus Windows 11 upgrade. The fake web page carries a malicious download link that delivers the payload.
The malware, dubbed 'Inno Stealer', has been used to steal private data from several of the most popular web browsers and has also been involved in the theft of a number of cryptocurrency wallets.
Phony Upgrade Campaign Revealed
Security analysts uncovered the campaign and published what they collected about it. The threat actors used search engine poisoning to push their fake website, which mimics Microsoft's Windows 11 promotional page, into search results; users who take the bait end up running the information stealer, which harvests their private data.
The operation targets people who are eager to install Windows 11. That group is less likely to verify a third-party site, check the hardware requirements, or take other precautions before running an installer, and the attackers set up malicious websites promoting a bogus Windows 11 upgrade to capitalize on that eagerness.
The spoofed site reuses official Microsoft logos, favicons and an identical "Download Now" button. The download is not served to visitors who connect through Tor or a VPN; victims who reach the site over a direct connection receive an ISO file containing the Inno Stealer executable.
Inno Stealer’s Background
The malware is called Inno Stealer because it is packaged with the Inno Setup Windows installer. Notably, it appears to be unique to this group, as it shares no code with other known information stealers.
The loader, a Windows 11 setup executable included in the ISO, drops a temporary file named is-PN131[.]tmp and creates a second TMP file to which the loader keeps writing data. The loader then uses the Windows API to start a new process and establishes persistence by dropping an LNK file; in total it plants four files.
Two of the dropped files are Windows command scripts used to disable Registry security, uninstall security software, delete volume shadow copies and add exclusions to Windows Defender.
The third file is a command execution utility that runs with the highest system privileges. The fourth and final file is a VBA script needed to run dfl[.]cmd.
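The behaviour described above (Registry security disabled, shadow copies deleted, Defender exclusions added, an LNK planted for persistence, an is-*.tmp file written by a "Windows 11" setup executable) is what a defender can hunt for in endpoint telemetry. The script below is an added example, not code from the original article or from the researchers who analysed Inno Stealer. It assumes Sysmon-style key="value" log lines with EventID 1 for process creation and EventID 11 for file creation; the sample lines, host names, LNK file name and the concrete command lines are constructed for illustration, since the page does not give the exact commands the malware runs.

```python
"""Added example, not code from the original article or from the researchers
who analysed Inno Stealer: a small triage script that scans Sysmon-style
process-creation (EventID 1) and file-creation (EventID 11) log lines for the
post-infection behaviour the article attributes to the dropped files.

ASSUMPTIONS: the key="value" log format, the "Computer" host field, the
concrete command lines and file names are generic choices of my own; the
sample lines are constructed, not real telemetry.
"""
import re
from collections import defaultdict

KV = re.compile(r'(\w+)="([^"]*)"')


def parse(line: str) -> dict:
    """Turn one key="value" log line into a dict (values contain no quotes)."""
    return dict(KV.findall(line))


# Each rule: EventID it applies to, the field to inspect, the pattern, and an
# optional constraint on the Image (process) that generated the event.
RULES = [
    dict(name="registry_tools_disabled", event="1", field="CommandLine", image=None,
         pattern=re.compile(r"\breg(\.exe)?\s+add\b.*DisableRegistryTools.*\s/d\s+1\b", re.I)),
    dict(name="shadow_copies_deleted", event="1", field="CommandLine", image=None,
         pattern=re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    dict(name="defender_exclusion_added", event="1", field="CommandLine", image=None,
         pattern=re.compile(r"Add-MpPreference\s+-Exclusion(Path|Process|Extension)\b", re.I)),
    dict(name="startup_lnk_dropped", event="11", field="TargetFilename", image=None,
         pattern=re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)),
    # Inno Setup legitimately writes is-XXXXX.tmp files, so this rule also
    # requires the writer to be a "Windows 11 ... Setup.exe" style image.
    dict(name="innosetup_tmp_from_win11_setup", event="11", field="TargetFilename",
         image=re.compile(r"windows\s*11.*setup[^\\]*\.exe$", re.I),
         pattern=re.compile(r"\\is-[A-Z0-9]{5}\.tmp$", re.I)),
]


def match_line(rec: dict) -> list:
    """Return the names of every rule one parsed record trips."""
    hits = []
    for r in RULES:
        if rec.get("EventID") != r["event"]:
            continue
        if not r["pattern"].search(rec.get(r["field"], "")):
            continue
        if r["image"] is not None and not r["image"].search(rec.get("Image", "")):
            continue
        hits.append(r["name"])
    return hits


def triage(lines, threshold: int = 2) -> dict:
    """Collect distinct rule hits per host and flag hosts at or above threshold.

    Any one of these behaviours can be benign on its own (an admin adding a
    Defender exclusion, an installer dropping is-*.tmp); the combination on
    one host is what resembles the dropped scripts described in the article.
    """
    per_host = defaultdict(set)
    for line in lines:
        rec = parse(line)
        for name in match_line(rec):
            per_host[rec.get("Computer", "unknown")].add(name)
    return {host: sorted(names) for host, names in per_host.items()
            if len(names) >= threshold}


# Constructed sample log: WS01 shows the full chain, WS02 only a benign
# Inno Setup based installer writing its usual temp file.
SAMPLE_LOG = [
    r'EventID="11" Computer="WS01" Image="C:\Users\alice\Downloads\Windows 11 Setup.exe" TargetFilename="C:\Users\alice\AppData\Local\Temp\is-PN131.tmp"',
    r'EventID="11" Computer="WS01" Image="C:\Users\alice\AppData\Local\Temp\is-PN131.tmp" TargetFilename="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows11Upgrade.lnk"',
    r'EventID="1" Computer="WS01" Image="C:\Windows\System32\cmd.exe" CommandLine="cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f"',
    r'EventID="1" Computer="WS01" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="powershell -nop -c Add-MpPreference -ExclusionPath C:\Users\alice\AppData\Local\Temp"',
    r'EventID="1" Computer="WS01" Image="C:\Windows\System32\vssadmin.exe" CommandLine="vssadmin delete shadows /all /quiet"',
    r'EventID="11" Computer="WS02" Image="C:\Users\bob\Downloads\SomeApp-Setup.exe" TargetFilename="C:\Users\bob\AppData\Local\Temp\is-ABC12.tmp"',
    r'EventID="1" Computer="WS02" Image="C:\Windows\System32\cmd.exe" CommandLine="cmd /c dir"',
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_LOG).items():
        print(host, "->", ", ".join(names))
```

The point of the per-host threshold is the caveat a practitioner needs: every Inno Setup based installer writes is-*.tmp files and administrators do add Defender exclusions, so a single hit is noise; the cluster of several of these behaviours on one host within a short window is the signal worth escalating.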
Inno Stealer Targets Crypto Wallets
Among its targets are the Chrome, Brave, Comodo, Opera, Vivaldi, Edge and 360 browsers, along with the GeroWallet, BraveWallet and GuildWallet cryptocurrency wallets; those are only some of the browsers and wallets the group goes after.
Security analysts warn users not to download ISO files from questionable sources, especially when performing a major operating system (OS) upgrade. The warning follows a rise in phishing scams after Microsoft announced the update. To upgrade safely, users should go to the official Microsoft website for the latest information on Windows 11 and obtain the installer there.