'Windows 11 Alpha' malware attack tried to trick people out of financial data

Surface Laptop 4 Amd 2021 Display
Surface Laptop 4 Amd 2021 Display (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • A recently discovered malware attack attempted to trick people by claiming a file was made on "Windows 11 Alpha."
  • The attack contained malicious code within a Word document.
  • Security researchers claim that well-known cybercrime group FIN7 was likely behind the attack.

A Windows 11-themed malware campaign tried to trick people into activating malicious code on their PCs. The attack relied on people's lack of knowledge of Microsoft's upcoming operating system. The campaign used a Word document claiming to be made with "Windows 11 Alpha" and pushed people to perform steps to open it. Following these steps activated code that threat actors could use to steal people's financial information.

Anomali Security researchers discovered the attack and break down its technical components (via Bleeping Computer). The researchers claim that cybercrime group FIN7 is likely responsible for the malware campaign. The exact method of spreading the malicious file isn't confirmed at this time but is likely email phishing or spearphishing, according to Anomali.

The idea behind the attack is that if someone sees a document claiming to be made with Windows 11 Alpha, that they may need to perform steps to make the document compatible with older operating systems. This isn't the case, but many people won't be aware of that. As there are instances in which people need to convert genuine Word documents to make them compatible, many PC users are likely used to following prompts that look like those in this malware campaign.

Windows 11 Alpha Attack

Source: Anomali (Image credit: Source: Anomali)

If the code within the file was activated, the file downloaded a JavaScript backdoor. This let attackers obtain a payload on people's PCs. The FIN7 group has been credited with the theft of more than 15 million payment card records. The value of these records is roughly over $1 billion, according to eSentire.

The Windows 11 Alpha malware campaign appeared to have happened between late June and late July 2021, which lines up with Microsoft's official announcement of Windows 11. The attack likely rode the wave of interest about Microsoft's new operating system to take advantage of unsuspecting people.

Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_. 

Read more
Binary code displayed on a laptop screen and Guy Fawkes mask are seen in this illustration photo.
Microsoft blocks critical Secure Boot loophole after over 7 months — fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps
Microsoft CEO Satya Nadella in front of the Microsoft Copilot AI logo.
Windows 11 pirates have a new and unlikely ally — Microsoft Copilot
Microsoft Edge Scareware blocker
How to enable Edge's Scareware blocker and protect yourself from online scams
Windows 11 Taskbar closeup
Windows 11 hits a new market share milestone as Windows 10's death looms on the horizon
Windows 11 Defender file manual scan
How to scan files manually for virus infection on Windows 11
Windows Copilot key
Is this Windows 11 'bug' the feature we've been waiting for? Say goodbye to Copilot (for now)
Latest in Windows 11
Photo of Microsoft's new sign-in page for Xbox.com using the Microsoft Edge browser.
Over one billion users will get a new Microsoft user experience, and it has a dark mode
Windows 11 answer file
How to easily create an unattended answer file for Windows 11
Windows Update
Microsoft begins testing next phase of Windows 11 — Dev Channel to flight new platform changes
Windows 11 Search
Copilot+ PCs' first must-have feature is just around the corner
Themes section of the Microsoft Store on Windows 11
Two of my least favorite things about the Microsoft Store are about to get fixed
Surface Laptop 7
Amazon warns Surface Laptop 7 shoppers as Mojang unveils massive visual update to Minecraft and Microsoft leaks a potential new feature for the Xbox app on Windows 11
Latest in News
Call of Duty: Black Ops 6 Zombies mode screenshots for Shattered Veil map.
The next Call of Duty Zombies map, "Shattered Veil", is dropping earlier than expected
Helldivers 2
The new Helldivers 2 Illuminate Major Order is so important that we got a new stratagem for it
Hogwarts Legacy troll hero image
Hogwarts Legacy DLC reportedly canceled by WB Games
Tom Clancy's Rainbow Six Siege
Rumored Ubisoft and Tencent agreement comes to fruition with 25% stake and new division for the Assassin's Creed developer
In-game screenshot of the player consuming an enemy in Shadow Labyrinth
This isn't your grandpa's Pac-Man — Bandai Namco's iconic character gets a gritty new action game this Summer
Key art for Dragon Quest 1 and 2 HD-2D remake
Every PC and Xbox game shown off during Nintendo Direct March 2025