Outlaw Installer for Windows 11 Infected With Malware
Early adopters seeking a premature peek of Windows 11 via unauthorized channels may be in for a nasty surprise — a dose of malware.
Kaspersky Lab on Friday reported that an unofficial installer is in the wild that promises to install the next version of Microsoft’s ubiquitous operating system on a user’s computer — but actually contains a malicious payload.
One example cited by Kaspersky contains an executable file called 86307_windows build 21996.1 x64 + activator.exe. Adding to the file’s credibility is its size: 1.75 gigabytes. However, most of the file is made up of a single DLL file stuffed with useless information.
In the Kaspersky Daily blog, Anton V. Ivanov, the company’s vice president of threat research, explained that opening the file starts an installer that looks like an ordinary wizard familiar to any Windows user. The purpose of this installer, though, is to download a second executable file.
That file — download manager for 86307_windows 11 build 21996.1 x64 + activator — offers a simulacrum of authenticity by asking a user to approve a licensing agreement to install some sponsored software on their machine.
“If you accept the agreement, a variety of malicious programs will be installed on your machine,” Ivanov wrote.
“Those other programs can be very wide ranging — from relatively harmless adware, which our solutions classify as not-a-virus, to full-fledged Trojans, password stealers, exploits, and other nasty stuff,” he added.
Proven Technique
Offering a user a free installer for Windows 11 is a perfect announcement for a social engineer, maintained Tom Brennan, chairman of Crest USA, a global not-for-profit cybersecurity accreditation and certification body.
“It’s like ‘Did you see what happened at the Olympics last night when so-and-so did such-and-such.’ People will click on it,” he told TechNewsWorld.
Windows has a history of attackers creating malicious installs of its operating system, noted Leo Pate, a consultant with nVisium, an application security provider in Herndon, Va.
“Hackers do this in order to create backdoors into a user’s machine,” he told TechNewsWorld. “By introducing this backdoor, attackers are able to control all aspects of a Windows user’s environment, resulting in a full loss of privacy.”
Jon Clay, vice president of threat intelligence at Trend Micro, a global cybersecurity company, added that disguising malware as a software installer is a tried-and-true technique for infecting computers.
“With Microsoft coming out with a new version of Windows, this is a big deal,” he told TechNewsWorld. “This news will be used by malicious actors in their attacks moving forward, as many people will want to check it out.”
“This kind of thing has happened for years,” added Andrew Barratt, managing principal for solutions and investigations at Coalfire, a Westminster, Colorado-based provider of cybersecurity advisory services.
“Back in the old days it was dodgy game installers or keygens that were used by those making illegal copies of software,” he told TechNewsWorld. “They always ran the risk that their downloads were being wrapped with malware — often trojans or other spyware.”