There is no doubt there have been multiple attempts by hackers to compromise Windows users since long before Windows 11 came into play. One way is to create incorrect Windows installer files. Users then unknowingly download these files making them susceptible to malware. To that effect, in a blog post by HP's Threat Research team, a new scheme of that nature was recently detailed.
According to the team, around the time of the last phase of the free Windows 11 upgrade was announced, a malicious actor registered the domain windows-upgraded[.]com. This domain was then used to spread malware. As we warned, this was done by tricking users into downloading and running a fake installer and malware known as a Redline stealer. A lot of people fell victim to this Redline stealer scam by attackers because it is quite similar to the one on Microsoft's official website.
"The domain caught our attention because it was newly registered, imitated a legitimate brand, and took advantage of a recent announcement. The threat actor used this domain to distribute RedLine Stealer, an information stealing malware family that is widely advertised for sale within underground forums," explains HP.
The real installer and fake installer are actually quite similar, the difference sets in when you click on the download now button. The download process is initiated and "Windows11InstallationAssistant.zip" is downloaded and on decompression, the malware is injected.
You can avoid these troubles and should always be extremely vigilant when trying to upgrade to Windows 11, and download Windows upgrades from Microsoft only, using Windows Update. This will help secure your files and personal information loaded on your device.