Fake Windows 10 / 11 updates are circulating... and they mean you no good

Written by Guillaume
Publication date: 27 April 2022 (UTC)
This article is an automatic translation

Malware, viruses and other Trojans show no sign of letting up. So be careful.

Just a few days ago, we talked about Microsoft's continuous work to keep its operating systems up to date. This is an important activity for a vital piece of software and concerns both Windows 11 - which is very recent - and the aging Windows 10. The latter has just been upgraded to version 21H2, an opportunity for Microsoft to prove once again its commitment to an OS that it intends to keep an eye on for at least several more years.

The problem is that alongside these official updates - which can be subject to bugs and failures, but are always offered "for a good cause" - there is a lot of malicious software that you should always be very careful about. For example, for some time now, fake installation files, mainly for Windows 11, have been circulating on the Internet, according to CloudSEK's security specialists, as reported by BleepingComputer. The bad guys behind these fake installation files are not new to the game, but the threats seem to have become more numerous in recent weeks.

CloudSEK would like to warn Windows users about these fake sites, which imitate trusted sites as closely as possible, in this case those of Microsoft and Windows. From there, they offer various files for system optimization - we are rarely fooled by those - but also for installing updates, or even for upgrading the system as a whole. These files, as you can imagine, are actually Trojan horses for particularly powerful malware.

An example of a bogus site to download the update to Windows 11

CloudSEK's specialists point out that this distribution method is used to deploy the Inno Stealer malware. The latter slips into your operating system and, after installing small files on your PC, starts to disable the most sensitive features: it obviously attacks Microsoft Defender, but is also able to recognize and disable many other antivirus / security products.

The objective is obviously to recover as much as possible of the personal data that users store on their machines and, in particular, in their Web browsers. Passwords and the security keys of cryptocurrency wallets are particularly sought after. In this area, the wallets most targeted by Inno Stealer are those of Bisq, Brave, Ronin or Wasabi, but others are obviously not excluded.

As always in this kind of situation, the only real precaution is caution. It's easy for us to say, but being careful when installing anything on your machine is the wisest advice: never click on a "download" link in an e-mail, always check that the site you're going to is an official one and, in the case of system updates, only use the Windows Update feature built into your operating system.
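
The "check that the site is an official one" advice above can be automated, for instance in a mail or proxy filter. The following is an added example, not code from the article or from CloudSEK: the function name `checkDownloadUrl`, the `ALLOWED_DOMAINS` list and every sample link are assumptions constructed for illustration.

```javascript
// Added example: decide whether a download link really points at an allowlisted host.
// ALLOWED_DOMAINS is an illustrative assumption, not an official or complete list.
const ALLOWED_DOMAINS = ["microsoft.com", "windows.com"];

function checkDownloadUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In https://microsoft.com@host/ the real host is whatever follows '@'.
    return { ok: false, reason: "credentials in URL hide the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label (possible look-alike characters)" };
  }
  // Match the registered domain itself or a true subdomain, never a mere substring.
  const match = ALLOWED_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host is " + match + " or a subdomain of it" }
    : { ok: false, reason: "host " + host + " is not on the allowlist" };
}

// Constructed sample links; the look-alike hosts are invented for illustration.
const SAMPLES = [
  "https://www.microsoft.com/software-download/windows11",
  "http://www.microsoft.com/software-download/windows11",
  "https://microsoft.com.windows11-upgrade.example/setup.exe",
  "https://windows11-microsoft.example/download",
  "https://www.microsoft.com@updates.example/Windows11.exe",
  "https://m\u00edcrosoft.example/windows11", // accented 'i' becomes an xn-- label
];
for (const s of SAMPLES) {
  const r = checkDownloadUrl(s);
  console.log((r.ok ? "ALLOW " : "BLOCK ") + s + "  (" + r.reason + ")");
}
```

Only the first sample is allowed; the others fail because the trusted name appears somewhere other than at the end of the actual hostname, or because the link is not HTTPS.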