Fake Windows 11 Installers Distributing Malware to Hopeful Users

Published on July 24, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

Ever since Microsoft presented Windows 11’s slick new looks to the world, fans of the world’s most popular operating system have been contemplating how they can upgrade. Digging into the compatibility quirks and joining Microsoft’s Insider program is the official way to tap into the upcoming Windows release. Still, not everyone is welcome or eligible at this point, which understandably leaves a big portion of that audience unsatisfied. Whenever a sizable crowd is left hanging, scammers and malware distributors look for ways to exploit the situation.

In this case, noticed and analyzed by researchers at Kaspersky, scammers are promising users a Windows 11 update only to infect them with malware and adware. To make their false claims believable, the actors use a “.exe” filename that resembles a Windows build, include an activator in the name, and size the file to 1.75GB. At a glance, all of that appears legitimate, but it isn’t.

Source: Kaspersky

Opening the executable indeed initiates an installation wizard, which in turn fetches a new executable. This is actually a dropper of malware/adware, which even prompts the victim to accept the terms. In those terms, the download and installation of “sponsored software” are mentioned, and consent to collect information relevant to web browsing, purchasing behavior, websites visited, app usage, video streaming, and other online activities is requested. These are collected and analyzed for market research purposes, so the whole case is made clear in the terms.

Source: Kaspersky

Not all malware distributors are equally transparent about their software, though. In some other cases, Kaspersky noticed full-fledged password stealers, exploits, and stealthy spyware that could even bypass AV detection. All in all, when you’re downloading something from obscure sources like forums, torrent sites, or the dark web, chances are you’re downloading malware.

If you’re interested in trying Windows 11, you can only do it through the Windows Insider program. Any other claims made around this are false, and their goal is to exploit you. Right now, our advice to you would be to wait until Microsoft releases the stable version of Windows 11, which will probably happen by October. Windows 11 is still under development, so it’s not suitable to use as a daily driver anyway.


