Beware Of This Windows 11 Alpha Malware Scam Targeting Unsuspecting PC Users

A notorious cyber-criminal group is believed to be responsible for a malicious Word document that attempts to lure victims by preying on their curiosity about Windows 11, the next major operating system from Microsoft. The document began making the rounds in June, the same month a leaked Windows 11 ISO turned up, followed by the first Insider Preview build being made available.

The leaked Windows 11 ISO showed up around the middle of June, and immediately drew interest because for many people, it provided a first real look at the upcoming OS. Adding to the interest, Windows 10 was supposed to be the last version of Windows ever, with recurring feature updates on a bi-annual basis (and of course monthly cumulative security rollouts). Then Windows 11 seemingly came out of nowhere.

It appears a hacking group known as FIN7 may have tried to capitalize on this by crafting several malicious Word documents purporting to be "made on Windows 11 Alpha." The documents are modeled after the Windows 11 theme, and offer up supposed instructions on how to open them. In reality, following the instructions lets the malware get busy infecting a system.

[Screenshot: Windows 11 Alpha document. Source: Anomali]

Shown above is a screenshot depicting one of the malicious documents. It says, "To view this content, please check 'Enable editing' at the top in the yellow bar, and then click 'Enable content'," actions that would give it the proper security permissions to wreak havoc on a system. That includes downloading a JavaScript backdoor.

Once in place, an attacker could deliver more malicious payloads on the compromised system. This is a tactic that has been highly successful for FIN7, which is credited with stealing over 15 million payment card details and costing organizations around $1 billion.

The group has been active for the past six years and mostly focuses on targets in the US, though not exclusively. According to Anomali, which detailed the Windows 11 Alpha malware, law enforcement arrested three members of the group in 2018, and also a "high-level organizer" this past April. Even so, FIN7 continues to operate.

It's not been confirmed how the Windows 11 Alpha documents are spread, but it's most likely through phishing emails. That's how these things are typically doled out. The good news is, practicing safe computing habits should keep you immune from this and similar threats. You know, like not downloading and/or opening unexpected email attachments.

The issue is, this amounts to a numbers game. It just takes one less-savvy user on a network to compromise not only their own system, but other PCs as well. Stay safe out there, folks.
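
Because one click is enough, defenders often screen attachments before they reach an inbox. The sketch below is an added example, not code from Anomali or from this article: it flags a Word file that both carries a macro part and contains the "Enable editing" / "Enable content" wording quoted above. It assumes the attachment is in the zip-based OOXML format (the article does not state the format of the real samples), and `build_sample` and `triage` are hypothetical names.

```python
import io
import re
import zipfile

# Lure wording quoted in the article's description of the screenshot.
LURE_PATTERNS = [re.compile(p, re.I) for p in (r"enable\s+editing", r"enable\s+content")]
MACRO_PART = "word/vbaProject.bin"  # OOXML part that stores VBA macros

def build_sample(body: str, with_macro: bool) -> bytes:
    """Constructed test input: a minimal zip with only the parts triage() reads."""
    xml = f"<w:document><w:body><w:p><w:r><w:t>{body}</w:t></w:r></w:p></w:body></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", xml)
        if with_macro:
            zf.writestr(MACRO_PART, b"placeholder bytes, not real VBA")
    return buf.getvalue()

def triage(data: bytes) -> dict:
    """Return macro/lure findings and a verdict: pass, review, quarantine, unsupported."""
    result = {"ooxml": False, "has_macros": False, "lure_phrases": [], "verdict": "pass"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:  # legacy OLE .doc files and non-documents end up here
        result["verdict"] = "unsupported"
        return result
    with zf:
        names = set(zf.namelist())
        if "word/document.xml" not in names:
            result["verdict"] = "unsupported"
            return result
        xml = zf.read("word/document.xml").decode("utf-8", errors="replace")
        text = " ".join(re.findall(r"<w:t(?:\s[^>]*)?>([^<]*)</w:t>", xml))
        result["ooxml"] = True
        result["has_macros"] = MACRO_PART in names
        result["lure_phrases"] = [p.pattern for p in LURE_PATTERNS if p.search(text)]
    if result["has_macros"] and result["lure_phrases"]:
        result["verdict"] = "quarantine"  # macros plus instructions to enable them
    elif result["has_macros"]:
        result["verdict"] = "review"      # macros alone are common in business files
    return result

if __name__ == "__main__":
    lure = "To view this content, please check 'Enable editing' and then click 'Enable content'"
    print(triage(build_sample(lure, with_macro=True)))
```

Files reported as `unsupported` need a separate scanner rather than a pass, and lure text rendered as an image inside the document is invisible to this check.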