'Windows 11 Alpha' malware attack tried to trick people out of financial data


What you need to know

  • A recently discovered malware attack attempted to trick people by claiming a file was made on "Windows 11 Alpha."
  • The attack contained malicious code within a Word document.
  • Security researchers claim that well-known cybercrime group FIN7 was likely behind the attack.

A Windows 11-themed malware campaign tried to trick people into activating malicious code on their PCs. The attack relied on people's lack of knowledge of Microsoft's upcoming operating system. The campaign used a Word document claiming to be made with "Windows 11 Alpha" and pushed people to perform steps to open it. Following these steps activated code that threat actors could use to steal people's financial information.

Anomali security researchers discovered the attack and broke down its technical components (via Bleeping Computer). The researchers claim that cybercrime group FIN7 is likely responsible for the malware campaign. The exact method of spreading the malicious file isn't confirmed at this time but is likely email phishing or spearphishing, according to Anomali.

The idea behind the attack is that someone who sees a document claiming to be made with Windows 11 Alpha may believe they need to perform steps to make the document compatible with older operating systems. This isn't the case, but many people won't be aware of that. As there are instances in which people need to convert genuine Word documents to make them compatible, many PC users are likely used to following prompts that look like those in this malware campaign.

Windows 11 Alpha Attack (Image credit: Anomali)

If the code within the file was activated, the file downloaded a JavaScript backdoor. This let attackers get a payload onto people's PCs. The FIN7 group has been credited with the theft of more than 15 million payment card records. These records are worth more than $1 billion, according to eSentire.

The Windows 11 Alpha malware campaign appears to have taken place between late June and late July 2021, which lines up with Microsoft's official announcement of Windows 11. The attack likely rode the wave of interest in Microsoft's new operating system to take advantage of unsuspecting people.

Sean Endicott
News Writer and apps editor