A new Trojan designed for data theft is spreading across the internet. The perpetrators are disguising their software as Windows 11 installers.
It is by no means unusual for malware to masquerade as well-known software to trick users in this way. This time it is Windows 11's turn. Windows 11 cannot be installed on all computers (among other things, because of its TPM requirements), so there is demand for ways to install the latest version of Windows on older computers with little to no effort. Many people want a quick and easy solution without any complications. The scammers know this too, and promise that their website offers a fast download of Windows 11.
How does Inno Stealer spread?
A malware program known as Inno Stealer was discovered and investigated by security experts at CloudSEK. The malicious software is based on Delphi and has components that were not previously known; its final goal, however, did not come as much of a surprise to the specialists.
The Inno Stealer can execute multi-step attacks, making detection quite tricky. When the user downloads the offered ISO file from the fake website and opens it, multiple files are placed on the system. Among them is a “Windows 11 setup” executable, which launches a background process.
During an infection, the malware may manipulate the registry, expand the exclusions list of the Defender security software, and disable security software.
This malware copies itself to a folder named “C:\Users\[…]\AppData\Roaming\Windows11InstallationAssistant” and then launches its payload via an SCR file. Its purpose is to steal data from the infected system.
The Inno Stealer primarily enables the export of cookies and of saved sensitive and authentication data from web browsers, and it also supports cryptocurrency wallets. The data is copied to the user's TEMP folder, encrypted, and uploaded to the control server.
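The behaviors described above (the drop folder under AppData\Roaming, the payload started from an SCR file, and the enlarged Defender exclusions list) can be turned into simple triage rules for endpoint logs. The following Python is an added example, not code from CloudSEK or from the original article; the `kind|image|target` event format, the sample events, and the assumption that exclusions show up as writes under Defender's standard `Exclusions` registry key are illustrative choices made here.

```python
import re

# Constructed sample events (not real telemetry) in a hypothetical
# "kind|image|target" format; user and file names are made up.
SAMPLE_EVENTS = [
    r"process|C:\Windows\System32\notepad.exe|notes.txt",
    r"file|D:\setup-example.exe|C:\Users\alice\AppData\Roaming\Windows11InstallationAssistant\example.tmp",
    r"registry|C:\Users\alice\AppData\Local\Temp\example.exe|HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\alice",
    r"process|C:\Users\alice\AppData\Roaming\Windows11InstallationAssistant\example.scr|",
    r"process|C:\Windows\System32\scrnsave.scr|/s",  # legitimate screensaver
]

# Folder name reported in the article, matched under any user profile.
DROP_DIR = re.compile(r"\\AppData\\Roaming\\Windows11InstallationAssistant(\\|$)", re.I)
# Assumption: a .scr image started from inside a user profile deserves review.
SCR_IN_PROFILE = re.compile(r"^[A-Z]:\\Users\\.+\.scr$", re.I)
# Assumption: exclusions are seen as writes under Defender's Exclusions key.
DEFENDER_EXCLUSION = re.compile(r"\\Microsoft\\Windows Defender\\Exclusions\\", re.I)


def match_rules(event_line):
    """Return the names of all rules that one event line triggers."""
    kind, image, target = event_line.split("|", 2)
    hits = []
    if DROP_DIR.search(image) or DROP_DIR.search(target):
        hits.append("drop-folder")
    if kind == "process" and SCR_IN_PROFILE.match(image):
        hits.append("scr-from-profile")
    if kind == "registry" and DEFENDER_EXCLUSION.search(target):
        hits.append("defender-exclusion")
    return hits


def triage(events):
    """Map event index -> triggered rules, skipping events with no hits."""
    findings = {}
    for idx, line in enumerate(events):
        hits = match_rules(line)
        if hits:
            findings[idx] = hits
    return findings


if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS).items():
        print(idx, ", ".join(hits), "->", SAMPLE_EVENTS[idx])
```

The screensaver in `System32` is included as a negative control: a `.scr` extension alone is not suspicious, its location is.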
There are several ways to defend against possible attacks.
To protect against the Inno Stealer and other similar malware, keep your virus scanner up to date and practice safe browsing habits. It is never advisable to download installers from unknown sources.
Only purchase Windows 11 from the official Microsoft website. When browsing a website and entering data or downloading files, always verify that you are on an official and legitimate website. First and foremost, this can be done by examining the title and website certificate.