Whenever a new software product, and especially a new major OS version, is about to be unveiled, attackers try to take advantage of the event. Lately, announcements about the launch of Windows 11 have been making the rounds all over the world. This has created an opportunity for attackers to exploit eager users by launching new attacks.

What happened?

According to a Kaspersky report, there has been a big rise in the spread of bogus Win 11 installers. Attackers are spreading fake, malware-infected downloads, along with previews of the new OS.
  • Several hundred infection attempts have already been observed and blocked by the firm.
  • Most of these fake Win 11 installers present themselves as a downloadable file that appears, by its size or structure, to be a legitimate MS Windows installer.
  • The fake Win 11 installers spread adware/malware on computers.

How does it work?

Attackers are offering an EXE file named 86307_windows 11 build 21996[.]1 x64 + activator[.]exe. It is 1.75GB in size and looks legitimate; however, it contains a large DLL file filled with useless info.
  • When the DLL file is run, a Windows installation wizard is displayed on the system of the unsuspecting user. It then downloads and executes a second malicious executable file, which is an installer as well.
  • This second installer comes with a license agreement that installs the sponsored software. If the user accepts the agreement, their system is infected with different types of malicious threats or malware.

Conclusion

The enthusiasm for Windows 11 is expected to last until it is officially released (in early 2022), and attackers are expected to take full advantage of it. Microsoft is running the Windows Insider program, through which interested people can register for the upcoming OS version. It is therefore recommended that users avoid downloading installers from third-party websites.

Cyware Publisher
