Beware - that Windows 11 document is probably a scam


A new malware campaign that tries to capitalize on curiosity about the upcoming Windows 11 release has been detected, cybersecurity researchers have found.

Analysts at security company Anomali examined six macro-laced Microsoft Word documents, all of which try to trick users into downloading a JavaScript backdoor that the attacker can then use to deliver any further malicious payload.

Anomali believes that the backdoor resembles one commonly used by the Eastern European threat group known as FIN7, which is thought to have already cost businesses around a billion dollars.


“While we cannot conclusively identify the attack vector for this activity, our analysis strongly suggests the attack vector was an email phishing or spear-phishing campaign,” note the researchers.

POS attack

According to the report, the tainted documents, when opened, display Windows 11 imagery alongside text claiming that the document was created on the newer operating system and cannot be displayed because of a compatibility issue.

This is in fact a trick: the "compatibility" instructions tell the user to enable macro content, and it is the enabled macros that let the document fetch and install the backdoor.
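Because the lure depends on the victim enabling macros, the cheapest defensive check is to find out whether a Word attachment carries a VBA project at all before anyone opens it. The following Python script is an added example, not code from Anomali's report or from the malware; it inspects the OOXML package (.docx/.docm are zip files) for the `word/vbaProject.bin` part and the VBA content type, which is what Word itself looks at, so a .docm renamed to .docx is still caught. The sample packages it builds are constructed in memory for illustration and are not real documents.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Content types that Word uses for macro-bearing packages (OOXML, ECMA-376).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_ENABLED_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def macro_indicators(doc_bytes: bytes) -> dict:
    """Inspect an OOXML Word file without opening it in Word.

    Returns which macro indicators are present. Any one of them is enough
    to treat the file as macro-bearing; a file that is not a zip (e.g. the
    legacy OLE .doc format) yields is_ooxml=False and is out of scope here.
    """
    result = {
        "is_ooxml": False,
        "has_vba_project": False,   # word/vbaProject.bin part is in the zip
        "vba_content_type": False,  # [Content_Types].xml maps a part to VBA
        "macro_enabled_main": False,  # main part declared as macroEnabled
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return result

    names = set(zf.namelist())
    result["is_ooxml"] = "[Content_Types].xml" in names
    # Part names are case-insensitive in OPC; compare lowercased.
    result["has_vba_project"] = any(
        n.lower().endswith("vbaproject.bin") for n in names
    )

    if result["is_ooxml"]:
        root = ET.fromstring(zf.read("[Content_Types].xml"))
        for el in root.iter():  # <Default> and <Override> elements
            ct = el.get("ContentType", "")
            if ct == VBA_CONTENT_TYPE:
                result["vba_content_type"] = True
            if ct == MACRO_ENABLED_MAIN:
                result["macro_enabled_main"] = True
    return result


def has_macros(doc_bytes: bytes) -> bool:
    """True if any indicator of embedded VBA is found."""
    r = macro_indicators(doc_bytes)
    return r["has_vba_project"] or r["vba_content_type"] or r["macro_enabled_main"]


def build_sample(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package for testing (not a real document)."""
    main_ct = MACRO_ENABLED_MAIN if with_macros else PLAIN_MAIN
    defaults = '<Default Extension="xml" ContentType="application/xml"/>'
    if with_macros:
        defaults += f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'{defaults}'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0dummy")  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro-enabled", build_sample(True)),
                          ("plain", build_sample(False))):
        print(label, macro_indicators(sample), "->", has_macros(sample))
```

This covers only the zip-based OOXML formats; the legacy binary .doc format stores macros in an OLE compound file and needs a different parser (oletools' olevba handles both). A mail gateway or EDR rule that quarantines any external attachment for which `has_macros` is true would have stopped this lure before the "enable content" prompt ever appeared.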

An analysis of the malicious code reveals it is obfuscated to hinder analysis, though the researchers were able to un-jumble it to reveal the trickery.

Interestingly, the script is designed to delete itself if it detects that the victim's computer uses Russian or a handful of other Eastern European languages, has less than 4GB of memory, or is a virtual machine (VM) rather than a physical computer, checks that are typical of malware trying to avoid analysis sandboxes and to steer clear of victims in the operators' home region.

Anomali believes that the attack is designed specifically to target the US-based Clearmind point-of-sale (POS) provider. This further connects the attack to the FIN7 group, which has attacked Clearmind in the past as well. 

“As a California-based provider of POS technology for the retail and hospitality sector, a successful infection would allow the group to obtain payment card data and later sell the information on online marketplaces,” share the researchers.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
