Wednesday, September 8, 2021

Windows 11 Alpha malware: Targeted end users, beware

A Windows 11-themed malware campaign has reportedly been discovered by security researchers at cybersecurity firm Anomali. Details of the Windows 11 Alpha campaign were first reported by Bleeping Computer, and according to the researchers, the cybercriminals are relying on a tried-and-tested old trick to carry out this campaign: a Microsoft Word document that has been tainted with backdoor JavaScript, which could allow hackers to deliver and potentially run any other malicious code on the device.

The researchers say they have discovered six malicious Windows 11 Alpha-themed Word documents that are being used to drop “JavaScript payloads, including a Javascript backdoor.” Anomali also believes that the cybercriminal group FIN7 is likely behind the latest threat.

FIN7 is an Eastern European threat group that targets organisations on a global scale, especially US organisations. According to researchers, this cybercrime group has been responsible for payment card thefts of more than 15 million, which have likely cost organisations more than $1 billion in losses.

According to Anomali, while they could not “conclusively identify the attack vector for this activity,” their analysis strongly suggests the attack vector was an email phishing or spearphishing campaign.

The campaign targets people who lack knowledge of Microsoft’s upcoming operating system. It reportedly uses a Word document, which is themed after Windows 11 Alpha, and asks users to perform steps to open it.

If a user doesn’t suspect anything fishy and performs the steps, this activates code that in turn allows threat actors to steal people’s financial information.

The Anomali security researchers reported that the document shows an image mentioning Windows 11 Alpha and asks users to “Enable Editing” and “Enable Content” to begin the next stage of activity. Users are told this is needed to make the document compatible with the operating system they are currently using.

But there is no Windows 11 Alpha, and users who are not aware of this might follow the prompt from the malicious campaign. The report asserts that for those who follow the prompt, the code is activated and then downloads a JavaScript backdoor. This allows attackers to get a payload onto the PC, which could then be used to steal sensitive information, especially debit or credit card details.

The security researchers have also given a breakdown of the campaign's technical components. It should be noted that Windows 11 will release on October 5 and is currently available for Windows Insider Program members, developers, and beta testers.
