Ever since Microsoft released the first Insider Preview build of Windows 11 on June 28th, a worrying number of fake ISO images and installer files named Windows 11 have been doing the rounds on the internet.
Though Windows 11 will officially become available to the general public in 2021, many enthusiasts are using alternative methods to get Windows 11 on their devices and are getting malware instead.
According to a report from cybersecurity firm Kaspersky, these fake Windows 11 installers, which guarantee that users can bypass Microsoft’s Insider testing ring, contain malware and adware.
“Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all),” Anton Ivanov, vice president of threat research at Kaspersky, stated in a blog post.
“The most straightforward way cybercriminals deceive users is by slipping in something extra.”
Kaspersky reported one example: a 1.75GB executable file named “86307_windows 11 build 21996.1 x64 + activator.exe”, which poses as a Windows 11 installer. While the file looks credible, most of its space is taken up by one DLL file containing a lot of useless information.
When users open the executable, it starts an installer that looks like an ordinary Windows installation wizard. However, its main purpose is to download and run another, more interesting executable.
The second executable is an installer as well, and it comes with a license agreement that very few people read. It calls itself a “download manager for 86307_windows 11 build 21996.1 x64 + activator” and notes “that it would also install some sponsored software”. Once users accept the agreement, a variety of malicious programs are installed on their machines.
The cybersecurity company said the installed malware “can be very wide-ranging—from relatively harmless adware, which our solutions classify as not-a-virus, to full-fledged Trojans, password stealers, exploits, and other nasty stuff.”
Kaspersky claims that its products have already defeated several hundred infection attempts that used similar Windows 11-related schemes. It also recommends that users download Windows 11 from official sources only, as advised by Microsoft.
Currently, the only legitimate way to use Windows 11 ahead of its official release is to register and join the Windows Insider program; otherwise, users must wait until Windows 11 is officially released.