Fake Windows 11 Installers are Being Used to Spread Malware

 

Although Windows 11 isn't expected to be released until later this year, hackers have already begun attempting to use it to infect victims with malware. On Friday, security firm Kaspersky warned that crooks were using bogus installers to take advantage of consumers eager to get their hands on the Microsoft operating system update, which is set to be released in the fall. 

“Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all),” Kaspersky wrote. The "goodies," a term Kaspersky uses sarcastically, include anything from harmless adware to password stealers and trojans.

One example is an executable file called “86307 windows 11 build 21996.1 x64 + activator.exe”. At 1.75GB, its size makes it appear credible. However, the majority of that space is taken up by a single DLL file that contains a lot of irrelevant data.

When you run the application, the installer looks like a standard Windows installation wizard, but its primary function is to download and execute a second, more interesting executable. The second executable is likewise an installer, with a license agreement that describes it as a “download manager for 86307 windows 11 build 21996.1 x64 + activator” and notes that it will also install some sponsored applications. If you accept the agreement, your computer will be infected with a number of malicious programs.

It's not uncommon for hackers to take advantage of victims' demand for a product or service, whether it's coronavirus contact tracing apps or the Telegram encrypted messaging app. In late June, Microsoft announced Windows 11 and made an initial “insider preview” accessible. Security has been highlighted as a key driving factor in the development of the operating system upgrade. 

The bogus installers are proliferating as Microsoft battles a number of security threats directed at the firm. Last week, Microsoft published instructions on how to protect against the "PetitPotam" attack, which could allow attackers to take control of Windows domains, as well as a solution for the "SeriousSAM" vulnerability, which could let attackers get administrative access. The same week, the corporation also issued a warning about LemonDuck, a cryptocurrency mining malware that has been targeting Microsoft devices.