BleepingComputer reports that threat actors have launched a new malicious campaign built around a fake, malware-laced Windows 11 upgrade, aimed at exfiltrating cryptocurrency wallets and data from browsers including Google Chrome, Brave, Microsoft Edge, Opera, and Vivaldi.
Visiting the malicious website, windows11-upgrade11[.]com, over a direct connection serves an ISO file carrying the new "Inno Stealer" malware, which abuses the Inno Setup Windows installer and is distinct from other info-stealers in circulation, a CloudSEK report revealed. Researchers noted that the ISO includes a Delphi-based loader file dubbed "Windows 11 setup," which in turn creates .TMP files.
Using the CreateProcess Windows API, the loader spawns new processes, establishes persistence, and drops four files, two of which uninstall security products, disable Registry security, add Windows Defender exceptions, and delete the shadow volume.
The report also detailed the multi-threaded network management and data-theft capabilities of Inno Stealer.
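The behaviours attributed to the loader above (security-product removal, Defender exclusions, shadow-copy deletion, staging through .TMP files dropped by an Inno Setup installer) are all visible in process-creation telemetry, so a defender can hunt for the chain rather than for any single file hash. The following is an added detection example, not code from the report or from CloudSEK; the log format (timestamp | parent image | image | command line), the sample events, and the Inno Setup temp-directory pattern `is-XXXXX.tmp` are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (not taken from the report).
# One event per line: timestamp | parent image | image | command line
SAMPLE_EVENTS = r"""
2022-04-18T10:01:02Z | C:\Windows\explorer.exe | D:\Windows 11 setup.exe | "D:\Windows 11 setup.exe"
2022-04-18T10:01:05Z | D:\Windows 11 setup.exe | C:\Users\u\AppData\Local\Temp\is-4K2F1.tmp\loader.tmp | "C:\Users\u\AppData\Local\Temp\is-4K2F1.tmp\loader.tmp"
2022-04-18T10:01:09Z | C:\Users\u\AppData\Local\Temp\is-4K2F1.tmp\loader.tmp | C:\Windows\System32\vssadmin.exe | vssadmin delete shadows /all /quiet
2022-04-18T10:01:11Z | C:\Users\u\AppData\Local\Temp\is-4K2F1.tmp\loader.tmp | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -c Add-MpPreference -ExclusionPath C:\Users\u\AppData\Local\Temp
2022-04-18T10:01:13Z | C:\Users\u\AppData\Local\Temp\is-4K2F1.tmp\loader.tmp | C:\Windows\System32\reg.exe | reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
2022-04-18T10:02:00Z | C:\Windows\explorer.exe | C:\Windows\System32\notepad.exe | notepad.exe
"""


@dataclass(frozen=True)
class Event:
    timestamp: str
    parent: str
    image: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    timestamp: str
    parent: str
    image: str
    rule: str


# Each rule: (name, event field it inspects, pattern). The first three key on the
# tampering behaviours described in the article; the fourth flags execution of a
# .tmp stage out of an Inno Setup extraction directory (assumed "is-XXXXX.tmp" layout).
RULES = [
    ("shadow_copy_deletion", "cmdline",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("defender_exclusion_added", "cmdline",
     re.compile(r"Add-MpPreference\s+-Exclusion|Windows Defender\\Exclusions", re.I)),
    ("defender_policy_tamper", "cmdline",
     re.compile(r"Windows Defender.*\bDisable(AntiSpyware|RealtimeMonitoring)\b|Set-MpPreference\s+-Disable", re.I)),
    ("inno_temp_stage_executed", "image",
     re.compile(r"\\is-[A-Za-z0-9]+\.tmp\\[^\\]+\.tmp$", re.I)),
]


def parse_events(text):
    """Parse the assumed pipe-separated format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(" | ", 3)]
        if len(parts) != 4:
            continue
        events.append(Event(*parts))
    return events


def scan(text):
    """Return one Finding per (event, rule) hit."""
    findings = []
    for ev in parse_events(text):
        for name, field, pattern in RULES:
            if pattern.search(getattr(ev, field)):
                findings.append(Finding(ev.timestamp, ev.parent, ev.image, name))
    return findings


def chains(findings):
    """Group rule hits by parent process, so a single loader driving several
    tampering actions stands out from isolated admin activity."""
    by_parent = {}
    for f in findings:
        by_parent.setdefault(f.parent, set()).add(f.rule)
    return by_parent


def suspicious_parents(findings, min_rules=2):
    """Parents that triggered at least min_rules distinct rules: the loader-style pattern."""
    return sorted(p for p, rules in chains(findings).items() if len(rules) >= min_rules)


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h.timestamp} {h.rule:28} image={h.image}")
    print("loader-like parents:", suspicious_parents(hits))
```

Any one of these rules fires on legitimate administration from time to time (an admin really does clear shadow copies or add an exclusion); the value of `suspicious_parents` is that it requires several distinct tampering actions under the same parent, which is what the article describes and what a scheduled script or a human rarely produces in one short window.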