How Windows 11 Alpha Malware Works
Hackers, as usual, are taking advantage of people's unfamiliarity with this new system to deceive them, get them to download malware from the Internet, and take control of the PC and all of the victim's data.
Taking advantage of the testing that Microsoft is carrying out on its system, this group of hackers distributes a document supposedly created with Windows 11 Alpha. To open it in older versions of the OS, the user is told to carry out a series of steps that the document itself describes. Performing these steps executes malicious code (hidden in macros) on the computer, and with it the hackers get full control over the PC.
Some fun facts about this malware are:
- It detects the system language, and if it is Russian, Ukrainian, Moldovan, Sorbian, Slovak, Slovenian, Estonian or Serbian, the malware stops.
- It detects whether it is running in a virtual machine and, if so, kills the process to avoid being scanned.
- If there is less than 4 GB of RAM, it does not run.
- It uses LDAP to validate the RootDSE.
How to protect ourselves from this new campaign
At the moment it is not known exactly how this malicious document is distributed, although everything indicates that it is spread via email. Since the group began its activity, in July of this year, it is believed that more than 15 million bank details have been stolen, which would be worth a billion dollars.
To protect ourselves from this campaign, the most important thing is to know about it. Windows 11 Alpha doesn't really exist. Also, any document that we create in Windows 11 will open without problems in Windows 10, as long as we use an up-to-date and supported version of Word. The Windows version never affects the compatibility of a Word document.
Of course, we should always be distrustful by default, especially of what reaches us through email. We should never download and execute an email attachment unless we are 100% sure that it was actually sent by a known person. Otherwise, the mistake can be really costly.
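As an added example (not part of the original article), the following Python sketch shows how a mail gateway or analyst could triage attachments for the lure described above: a Word file that carries macros and mentions "Windows 11 Alpha". It assumes the attachment is an OOXML file (.docx/.docm), which the article does not state; the function names, the size cap and the sample builder are hypothetical.

```python
import io
import re
import zipfile

LURE = re.compile(r"windows\s*11\s*alpha", re.IGNORECASE)  # wording of the lure
TAG = re.compile(r"<[^>]+>")
MAX_XML = 20 * 1024 * 1024  # assumed cap; refuse to inflate oversized members

def triage(data: bytes) -> dict:
    """Triage one attachment (raw bytes) as an OOXML Word file."""
    r = {"ooxml": False, "has_macros": False, "lure_text": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        r["verdict"] = "unsupported"  # e.g. legacy .doc (OLE): needs an OLE parser
        return r
    with zf:
        names = zf.namelist()
        if "word/document.xml" not in names:
            r["verdict"] = "unsupported"
            return r
        r["ooxml"] = True
        # A VBA project part means the file carries macros.
        r["has_macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if zf.getinfo("word/document.xml").file_size <= MAX_XML:
            xml = zf.read("word/document.xml").decode("utf-8", "replace")
            # Word splits text across runs; drop tags so the phrase is contiguous.
            r["lure_text"] = bool(LURE.search(TAG.sub("", xml)))
    if r["has_macros"] and r["lure_text"]:
        r["verdict"] = "quarantine"
    elif r["has_macros"] or r["lure_text"]:
        r["verdict"] = "review"  # an image-only lure still lands here via macros
    else:
        r["verdict"] = "no-match"
    return r

def build_sample(text: str, with_macros: bool) -> bytes:
    """Constructed test input: a minimal OOXML-like zip, not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        runs = "".join(f"<w:r><w:t>{w} </w:t></w:r>" for w in text.split())
        zf.writestr("word/document.xml", f"<w:document><w:p>{runs}</w:p></w:document>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample("Made on Windows 11 Alpha", True)))
```

The check only reads document text, so a lure shown as a picture will not set `lure_text`; the macro flag alone still sends such a file to review.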