Days after Microsoft announced Windows 11 in June 2021, eager fans were desperate to get their hands on it. On January 26, Microsoft announced the final phase of the Windows 11 rollout. Sensing an opportunity, an unknown actor launched a fake Windows 11 download campaign the very next day to spread malware. The fake website was a carefully built replica of Microsoft's own page.
Researchers at HP quickly spotted the malicious activity and published a detailed analysis in a research report. The report breaks down the entire campaign: a Windows 11 clone page that redirected users to a RedLine Stealer installer, which steals valuable information such as credit card details, saved credentials, browser autocomplete data, and cryptocurrency wallet data. We'll come back to RedLine Stealer later.
The HP report also describes similar activity in December 2021, when a campaign used a fake download page for Discord, a popular messaging service, to spread malware. According to the report, the same RedLine Stealer was used to steal data via the domain Discodeap[.]com. The fake Windows upgrade domain and the fake Discord domain used the same domain registrar and the same DNS server, and both delivered RedLine Stealer. (Don't worry, this is our blog post and not a malware tool that steals your valuable data.)
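The shared registrar and DNS server is exactly the kind of link a threat-intelligence analyst pivots on: start from one confirmed malicious domain and pull in every other domain sitting on the same infrastructure. The script below is an added example written for this post, not code from HP's report or the article. It clusters WHOIS-style records by registrar plus nameserver set and reports what each newly linked domain shares with a known-bad seed. The records are constructed: the two domain names are as the article describes them (defanged there), while the registrar and nameserver values, and the three extra domains, are placeholders and not the campaign's real infrastructure.

```python
"""Infrastructure pivot over WHOIS-style records (added example).

A shared registrar alone, or shared nameservers alone, is a weak signal;
both together are what the HP report used to tie the Windows 11 and
Discord lures to one operator. All records below are constructed and the
registrar/nameserver strings are placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class DomainRecord:
    domain: str
    registrar: str
    nameservers: Tuple[str, ...]


# Constructed sample dataset. Registrar and nameserver values are placeholders.
RECORDS: List[DomainRecord] = [
    DomainRecord("windows-upgraded.com", "Registrar-A",
                 ("NS2.dns-x.example", "ns1.dns-x.example")),
    DomainRecord("discodeap.com", "registrar-a",
                 ("ns1.dns-x.example", "ns2.dns-x.example")),
    # Shares only the registrar: must NOT be linked.
    DomainRecord("shop.example", "Registrar-A",
                 ("ns1.other.example", "ns2.other.example")),
    # Shares only the nameservers: must NOT be linked.
    DomainRecord("blog.example", "Registrar-B",
                 ("ns1.dns-x.example", "ns2.dns-x.example")),
    # Placeholder for a further lure on the same infrastructure.
    DomainRecord("second-lure.example", "Registrar-A",
                 ("ns1.dns-x.example", "ns2.dns-x.example")),
]

KNOWN_BAD = {"windows-upgraded.com"}

InfraKey = Tuple[str, Tuple[str, ...]]


def infra_key(rec: DomainRecord) -> InfraKey:
    """Normalise case, whitespace, trailing dots and NS order so they never split a cluster."""
    registrar = rec.registrar.strip().lower()
    nameservers = tuple(sorted(ns.strip().lower().rstrip(".") for ns in rec.nameservers))
    return (registrar, nameservers)


def cluster_by_infrastructure(records: Iterable[DomainRecord]) -> Dict[InfraKey, List[str]]:
    """Group domains that share both registrar and the full nameserver set."""
    groups: Dict[InfraKey, List[str]] = defaultdict(list)
    for rec in records:
        groups[infra_key(rec)].append(rec.domain.strip().lower())
    return dict(groups)


def pivot_from_known_bad(records=RECORDS, known_bad=KNOWN_BAD) -> Dict[str, Dict[str, object]]:
    """Map each newly linked domain to the infrastructure it shares with a known-bad seed.

    Seeds themselves are excluded from the output; only new pivots are returned.
    """
    seeds = {d.lower() for d in known_bad}
    linked: Dict[str, Dict[str, object]] = {}
    for (registrar, nameservers), members in cluster_by_infrastructure(records).items():
        seed_hits = sorted(set(members) & seeds)
        if not seed_hits:
            continue  # nothing in this cluster is known bad
        for domain in members:
            if domain not in seeds:
                linked[domain] = {
                    "registrar": registrar,
                    "nameservers": nameservers,
                    "linked_via": seed_hits,
                }
    return dict(sorted(linked.items()))


if __name__ == "__main__":
    for domain, info in pivot_from_known_bad().items():
        print(f"{domain}: shares {info['registrar']} + "
              f"{', '.join(info['nameservers'])} with {', '.join(info['linked_via'])}")
```

Run stand-alone it prints the two linked domains and leaves shop.example and blog.example out, because each matches the seed on only one of the two signals. On real data, feed it the registrar and nameserver fields from your WHOIS or passive-DNS source and treat the output as leads to verify, not as verdicts.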
What is RedLine Stealer?
RedLine Stealer is malware that can be bought outright for $100 or $150 (approximately Rs. 8,000 or 11,000) depending on the version, or rented for $100 per month. It collects data from the browser such as stored passwords, autocomplete data, credit card information, and cryptocurrency wallet data. When it runs on the target machine it also gathers system information, including login names, location data, hardware configuration, and details of installed security software.