Windows 11 Alpha malware: Your financial data might be at risk

A malware campaign themed on Windows 11, dubbed “Windows 11 Alpha”, attempted to lure users into installing harmful software on their systems. The attack took advantage of people’s unfamiliarity with Microsoft’s upcoming operating system.


The campaign used Word documents that claimed to have been created with “Windows 11 Alpha” and persuaded recipients to follow on-screen instructions in order to view them. Those instructions activated macro code that threat actors could use to steal people’s financial information.


Researchers from security firm Anomali examined six macro-laced Microsoft Word documents, all of which lured users into installing a JavaScript backdoor that the attacker can then use to deliver further malicious payloads.


The backdoor, according to Anomali, is similar to one used by the Eastern European threat group FIN7, which is claimed to have cost businesses approximately a billion dollars. Anomali says the exact method of distributing the malicious documents is unknown at this point, although it is most likely email phishing or spearphishing.



[Figure: Windows 11 Alpha themed maldoc. Source: Anomali]



According to the report, when the tainted documents are opened they display Windows 11 imagery with text claiming that the document was created with the latest operating system but cannot be viewed because of a compatibility issue.


The trick behind the operation is that a reader who sees a document claiming to be created with Windows 11 Alpha may believe they need to take steps to make it compatible with older versions of the operating system. The “compatibility” steps are in fact Word’s own procedure for enabling macro content, and once macros are enabled the malicious document installs the backdoor. No legitimate document needs macros enabled merely to be displayed, which is the single most useful thing to tell users about this lure.
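The lure only matters if the document actually carries a VBA project for the “enable content” step to run. The following triage helper, an added example that is not Anomali’s code or the campaign’s maldoc, checks a Word file for that: in the modern OOXML (.docx/.docm) zip format a VBA project is stored as the part `word/vbaProject.bin` and declared in `[Content_Types].xml`, while a legacy binary .doc is an OLE2 compound file (magic bytes `D0 CF 11 E0 A1 B1 1A E1`) whose macros live in OLE streams and need a dedicated parser such as oletools’ `olevba`. The two sample packages are constructed in memory and are not real samples.

```python
"""Triage helper: does a Word document carry a VBA project?

Added example using only the Python standard library. It constructs two
minimal OOXML packages in memory (one with a VBA part, one without) and
inspects them; the packages are sample input, not real maldocs.
"""
import io
import zipfile

# Magic bytes of an OLE2 compound file, the container used by legacy .doc files
# and also by the vbaProject.bin part inside OOXML packages.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = ("application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
VBA_PART_CT = "application/vnd.ms-office.vbaProject"


def build_sample_package(with_macro: bool) -> bytes:
    """Construct a minimal OOXML Word package (constructed sample input)."""
    main_ct = MACRO_MAIN_CT if with_macro else PLAIN_MAIN_CT
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if with_macro:
        overrides += ('<Override PartName="/word/vbaProject.bin" '
                      f'ContentType="{VBA_PART_CT}"/>')
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'{overrides}</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is a full OLE2 file; the header is enough
            # for this example's purpose (presence of the part).
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def inspect_word_file(data: bytes) -> dict:
    """Return macro indicators for a Word file supplied as raw bytes."""
    result = {"container": None, "vba_parts": [], "macro_content_type": False,
              "verdict": None}
    if data.startswith(OLE_MAGIC):
        # Legacy binary .doc: macros are OLE streams, not zip entries, so this
        # helper only flags the container and defers to an OLE parser.
        result["container"] = "ole2"
        result["verdict"] = "legacy-ole-inspect-streams"
        return result
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["container"] = "unknown"
        result["verdict"] = "not-a-word-package"
        return result
    result["container"] = "ooxml"
    names = z.namelist()
    # Match the part name case-insensitively; renaming .docm to .docx does not
    # remove the VBA project, so do not trust the file extension.
    result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if "[Content_Types].xml" in names:
        ct_xml = z.read("[Content_Types].xml").decode("utf-8", errors="replace")
        result["macro_content_type"] = ("macroEnabled" in ct_xml
                                        or VBA_PART_CT in ct_xml)
    if result["vba_parts"] or result["macro_content_type"]:
        result["verdict"] = "macro-enabled"
    else:
        result["verdict"] = "no-vba-project"
    return result


if __name__ == "__main__":
    for label, pkg in (("with macro", build_sample_package(True)),
                       ("without macro", build_sample_package(False))):
        print(label, inspect_word_file(pkg))
```

A “macro-enabled” verdict says only that the file can run VBA, not what the VBA does; the next step is to extract and deobfuscate the project with `olevba` or similar, which is what Anomali had to do here.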


The malicious code is obfuscated to hinder analysis, but the researchers were able to decode it and expose the deception. Notably, the script simply stops and removes itself if the victim’s computer is configured to use Russian or a few other Eastern European languages, has less than 4 GB of RAM, or is a virtual machine (VM) rather than a physical computer. The language check avoids infecting the group’s home region; the RAM and VM checks are sandbox evasion, so an analysis environment that exposes little memory or obvious virtualisation artifacts, or that uses one of the excluded locales, will never see the payload.


The FIN7 group is accused of stealing over 15 million payment card records, which eSentire values at around $1 billion. The Windows 11 Alpha campaign appears to have run between late June and late July 2021, coinciding with Microsoft’s announcement of Windows 11 and its first preview builds rather than the later general release. The attack most likely leveraged the wave of excitement around Microsoft’s new operating system to prey on curious users.


