Fake Windows 11 installers are being used to distribute malware
Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.
This distribution of Windows 11 via fake installers isn’t sophisticated by any means. It relies on people downloading a shady installer and then clicking through the terms and conditions without reading them to initiate the installation.
A report from Kaspersky states that a file called “86307_windows 11 build 21996.1 x64 + activator.exe” is making the rounds on the internet. While the file size is 1.75GB and the name indicates that it contains Windows 11 build 21996.1 – which is actually an outdated build that leaked ahead of Microsoft’s official unveiling of the OS – and a key activator on top, it is actually a single, “useless” DLL file.
When users initiate the installation process via this file, it downloads and runs another executable. It also comes with a full-fledged license agreement which states that some “sponsored programs” will be installed on your machine. People who accept it without reading it get malicious software installed on their PC. Kaspersky notes that this software can be anything ranging from adware to Trojans to programs that steal your credentials. The company says that it has tackled hundreds of infection attempts that utilize this technique to supposedly distribute Windows 11.
Kaspersky cautioned that official methods such as the Windows Insider Program should be used to install builds, and that the OS should not be installed on a primary machine yet since it can lead to stability issues.