{"id":1912,"date":"2022-02-15T13:20:43","date_gmt":"2022-02-15T20:20:43","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=1912"},"modified":"2022-02-15T13:20:46","modified_gmt":"2022-02-15T20:20:46","slug":"the-internets-latest-mimic","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/02\/15\/the-internets-latest-mimic\/","title":{"rendered":"The Internet’s Latest Mimic"},"content":{"rendered":"\n

Recently, installers claiming to offer users an upgrade to Windows 11 have been appearing, mimicking the appearance of the official Microsoft website, but hidden behind their download buttons is a zip archive of malicious files containing a malware called RedLine.<\/p>\n\n\n\n

\"\"
Fake Windows 11 website hosted on windows-upgraded.com. (Source: HP<\/a>)<\/figcaption><\/figure>\n\n\n\n

These websites appeared after the recent Microsoft announcement that they were advancing the pace of the rollout of Windows 11\u2019s broad deployment phase due to high demand and an upgrade rate twice what was seen for Windows 10. This suggested that the attackers were anticipating such an announcement to come from Microsoft, and had been lying in wait for a spike in demand for the new version of the OS.<\/p>\n\n\n\n

What is RedLine?<\/strong><\/h3>\n\n\n\n

RedLine, more formally known as RedLine Stealer, is a password grabber that sits in the background and monitors the autocomplete fields of your browsers for data such as passwords, credit card information, and other saved credentials. It is widely available on underground forums, and even offers a monthly subscription for updates. Since initial development, it has also gained the ability to steal cryptocurrency from devices it has infected.<\/p>\n\n\n\n

RedLine isn\u2019t exactly new, and has been around since long before these fake Windows installers. The earliest mentions of RedLine were in early 2020, associated with a fake email campaign for the Folding@Home application, which allows users to volunteer processing power for medical research.<\/p>\n\n\n\n

According to the Have I Been Pwned<\/em> data breach monitoring service, as of the end of 2021, 441 thousand accounts have been stolen by RedLine, through various phishing campaigns, YouTube scams, and fake websites.<\/p>\n\n\n\n

Through monitoring of dark web data market sites such as \u20182easy\u2019, it has been determined that around half of sellers are using RedLine as their information grabbing malware of choice, or as part of a set.<\/p>\n\n\n\n

\"\"
Purchased RedLine log archive contents. (Source: Bleeping Computer<\/a>)<\/figcaption><\/figure>\n\n\n\n

How can I tell if I\u2019m using a legitimate website?<\/strong><\/h3>\n\n\n\n

Given the history of RedLine, as well as the recent appearance of the fake Windows 11 installers, it is likely that more fake sites containing RedLine or other malware like it are on their way.<\/p>\n\n\n\n

Some good methods for protecting yourself from fake sites are as follows:<\/p>\n\n\n\n