
Malware disguised as Windows 11 installer making rounds on Discord

Go directly to the software developers for downloads if you want to play it safe.

A dodgy Windows 11 installer has been making the rounds on Discord. Unfortunately for those Discord users who tried to get Microsoft’s new OS onto their computers, the Windows 11 installer turned out to be malware. It’s annoyingly good timing on the attacker’s part, as many are now taking the dive into Microsoft’s latest and greatest OS which released last October.

The attackers built a website that, on the surface, looks like the legitimate Windows 11 download page, complete with the elements you would expect to see on the real one. HP’s threat research team analyzed the site and found it was being used to distribute RedLine Stealer, an information-stealing malware that harvests a victim’s saved passwords, personal information, and more.


Malware disguised as a Windows 11 installer

The installer is distributed as “Windows11InstallationAssistant.zip,” which is only 1.5 MB in size when compressed, and the archive itself was hosted on Discord’s content delivery network. When unpacked, the folder holds several DLL files alongside the executable, and the executable is the real problem: it is 753 MB in size. That works out to a compression ratio of 99.8%, which HP’s threat research team singled out as one of the most alarming signs, since the average compression ratio for a zipped executable is about 47%. A ratio that high indicates the malicious executable “likely contains padding that is extremely compressible.”
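The compression ratio HP used as a tell is easy to check yourself before you unpack anything: a zip's central directory records both the compressed and uncompressed size of every member, so you can flag an executable that shrinks by far more than the roughly 47% typical of real binaries without extracting it. The script below is an added example, not HP's tooling or code from the article. It builds a constructed stand-in archive (a small DLL of random bytes next to a 4 MiB "installer" that is an MZ header followed by zero padding), computes the ratio per member, and for members that look padded inflates them to measure how much of the file is a single repeated byte. The 0.95 threshold, the filename, and the assumption that the filler is zero bytes are all choices made for this example.

```python
"""Flag zip members whose compression ratio is implausibly high for an executable."""
import io
import random
import zipfile
from typing import Dict, List

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".sys")
# Threshold is an assumption for this example. HP's figure for a typical zipped
# executable is about 47%; the malicious sample compressed by 99.8%.
SUSPICIOUS_RATIO = 0.95


def compression_ratio(info: zipfile.ZipInfo) -> float:
    """Fraction of bytes removed by compression (0.0 means incompressible).
    Uses only central-directory metadata, so nothing is inflated."""
    if info.file_size == 0:
        return 0.0
    return max(0.0, 1.0 - info.compress_size / info.file_size)


def padding_fraction(data: bytes) -> float:
    """Share of the member occupied by its single most common byte value.
    Close to 1.0 means the file is mostly filler, which is what makes it compress so well."""
    if not data:
        return 0.0
    return max(data.count(bytes((b,))) for b in range(256)) / len(data)


def analyze_archive(archive: bytes, threshold: float = SUSPICIOUS_RATIO) -> List[Dict]:
    """Return one finding per member; executables above the threshold are marked suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = compression_ratio(info)
            is_exec = info.filename.lower().endswith(EXECUTABLE_SUFFIXES)
            suspicious = is_exec and ratio >= threshold
            finding = {
                "name": info.filename,
                "compressed": info.compress_size,
                "uncompressed": info.file_size,
                "ratio": ratio,
                "suspicious": suspicious,
            }
            if suspicious:
                # Only inflate members that already look padded; this is the one
                # step that costs the full uncompressed size in memory.
                finding["padding_fraction"] = padding_fraction(zf.read(info))
            findings.append(finding)
    return findings


def suspicious_members(archive: bytes) -> List[str]:
    """Names of the members that should be treated as hostile."""
    return [f["name"] for f in analyze_archive(archive) if f["suspicious"]]


def build_sample_archive() -> bytes:
    """Constructed stand-in for the malicious zip (not the real sample): a 32 KiB DLL of
    pseudo-random bytes and a 4 MiB 'installer' that is an MZ header plus zero padding."""
    rng = random.Random(1)
    dll = bytes(rng.getrandbits(8) for _ in range(32 * 1024))
    exe = b"MZ" + b"\x00" * (4 * 1024 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("helper.dll", dll)
        zf.writestr("Windows11InstallationAssistant.exe", exe)
    return buf.getvalue()


if __name__ == "__main__":
    for f in analyze_archive(build_sample_archive()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['name']:40} {f['uncompressed']:>10} -> {f['compressed']:>8} bytes "
              f"({f['ratio']:.1%}) {flag}")
```

Because the ratio comes from the central directory, the check is safe to run on an untrusted archive without extracting it; the padding measurement is deliberately limited to members that already tripped the ratio test, since inflating a 753 MB member is exactly the cost a padded sample is designed to impose on scanners.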

(Image credit: HP Wolf Security).

According to HP’s threat research team, the domain for the malicious website was registered on January 27, the day after Microsoft announced the final phase of the Windows 11 upgrade rollout. That timing was hardly a coincidence. The domain’s very recent registration was one of the major tip-offs that the site was illegitimate, but because it appeared exactly when people were looking for the upgrade, it managed to lure some users in.

Discord tends to be a place where a lot of illegitimate files are shared, mainly because of the chat platform’s popularity and how easy it makes sharing and downloading files, including hosting them on its own content delivery network. That isn’t inherently Discord’s fault as a platform, and policing it would be hard to do without affecting every user in a potentially negative way. Unfortunately, this double-edged sword makes it an easy channel for attackers intent on stealing user data.

The fake Windows 11 installer that harbored malware makes for a good lesson in staying safe on the internet, even within the confines of Discord’s network. The bottom line here is to stay away from random download sources on the internet. It’s always going to be a risk, and it’s one that’s never worth taking. Wait for Windows 11 to support your PC officially and be sure to only use Microsoft’s official means of getting it.


Author: Sam Robins
Sam is a Contributing Writer at PC Invasion. For just over 5 years, he has been writing about all areas of gaming from news and guides, to reviews of the latest titles. When he's not writing, he's usually sinking time into an RPG or trying to convince his friends to play The Legends of Heroes series. He can usually be found lurking on Twitter (@GhoolyTV) most days.