Attackers Disguise RedLine Stealer as a Windows 11 Upgrade

[LASER_oneXM]

Content source

https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/

Threat actors are always looking for topical lures to socially engineer victims into infecting systems. We recently analyzed one such lure, namely a fake Windows 11 installer. On 27 January 2022, the day after the final phase of the Windows 11 upgrade was announced, we noticed a malicious actor registered the domain windows-upgraded[.]com, which they used to spread malware by tricking users into downloading and running a fake installer. The domain caught our attention because it was newly registered, imitated a legitimate brand and took advantage of a recent announcment. The threat actor used this domain to distribute RedLine Stealer, an information stealing malware family that is widely advertised for sale within underground forums.

 

[wat0114]

So I guess since scripting is used, SWH or H_C could prevent this with the appropriate settings in place, Also. I wonder if malware authors are going to use very large file sizes more frequently as a way to avoid AV detection?

 

[Sorrento]

So I guess since scripting is used, SWH or H_C could prevent this with the appropriate settings in place, Also. I wonder if malware authors are going to use very large file sizes more frequently as a way to avoid AV detection?

Or even a modicum of intelligence?

 

[ItsReallyMe]

So I guess since scripting is used, SWH or H_C could prevent this with the appropriate settings in place, Also. I wonder if malware authors are going to use very large file sizes more frequently as a way to avoid AV detection?

how to configure AV to scan even larger files?

 

[Kongo]

Nice video about this type of malware and ways of reducing the file size of some malicious PE files in order to make it scannable by an AV or an malware analysis platform.

 

[wat0114]

Or even a modicum of intelligence?

Agreed, there is common sense and intelligence, but just in case someone screws up