The campaign appears to be a legitimate offer from Microsoft and it gives users the opportunity to upgrade to Windows 11 for free.

Unlike many campaigns of this type, this one distinguishes itself in that it does not rely on emails that spoof the Microsoft brand.  Rather, it leverages "poisoned" search results that leads a surfer to a site controlled by the hackers.

This page is a convincing replica of the official Microsoft promo page for Windows 11. Of course, it's got malicious code embedded in it and when the site visitor enters their personal information in order to receive a code for their free upgrade, all they're doing is handing that information straight to the hackers.

What's really going on here is that the hackers are taking advantage of the fact that the average user isn't aware of many of the details surrounding Windows 11.

For example, most end users are unaware of the fact that Windows 11 must meet certain very specific (and demanding) specifications. These include the fact that all legitimate upgrade tools will check to see if the user's machine supports TPM or Trusted Platform Mode (version 2.0) which is built into machines no older than four years of age.

Naturally, the poisoned installer makes no such distinction and will happily allow the user to install the malicious code on whatever machine they happen to be using.

The hackers behind this campaign are using a piece of malware dubbed "Inno Stealer" which does not have any code similarities to other strains of malware in the wild today. So apparently, it is custom work built either by or for the hackers currently using it.

The best and surest way to avoid being taken in by this campaign is to navigate to Microsoft's site direct by typing in the URL.  Don't rely on search result links to get you there and you should be fine.

Used with permission from Article Aggregator