Date: 2021-07-24

Windows 11 was unofficially leaked before Microsoft released it to Windows Insiders a few weeks ago. This made users a target for malware and similar attacks. Immediately after the leak, downloads of Windows 11 ISOs from unofficial sources began to appear, and Kaspersky has confirmed that on many occasions they contained malware.

Curiosity about Windows 11 triggers malware downloads

Kaspersky has reported one example: a 1.75 GB file (86307_windows 11 build 21996.1 x64 + activator.exe) that seemed to contain the operating system and an activator. With such a file size, no one would think that it is malware. However, most of that space consists of a DLL file that contains a lot of useless information.
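A triage sketch for the pattern described above, added here as an example and not taken from Kaspersky or the original article: it checks whether a download presented as a Windows image is really a PE executable and how much of it is low-entropy filler. The entropy cutoff, the 50% threshold and the assumption that the padding is low-entropy are illustrative, and the sample file is constructed.

```python
import math
import os
import tempfile
from collections import Counter

CHUNK = 64 * 1024      # bytes examined per step
LOW_ENTROPY = 1.0      # bits/byte; assumed cutoff for a "filler" chunk
FILLER_LIMIT = 0.5     # assumed share of filler chunks that triggers a flag


def chunk_entropy(data: bytes) -> float:
    """Shannon entropy of a non-empty byte string, in bits per byte."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(path: str) -> dict:
    """Identify a download by content and measure its share of filler."""
    low = chunks = 0
    with open(path, "rb") as fh:
        head = fh.read(2)
        fh.seek(0x8001)                  # ISO 9660 volume descriptor id
        iso_id = fh.read(5)
        fh.seek(0)
        while block := fh.read(CHUNK):
            chunks += 1
            low += chunk_entropy(block) < LOW_ENTROPY
    if head == b"MZ":
        kind = "pe-executable"           # DOS/PE header: a program, not an image
    elif iso_id == b"CD001":
        kind = "iso-image"
    else:
        kind = "unknown"
    ratio = low / chunks if chunks else 0.0
    return {"kind": kind, "filler_ratio": ratio,
            "suspicious": kind == "pe-executable" and ratio > FILLER_LIMIT}


def make_sample(payload: bytes, padding: int) -> str:
    """Write a constructed sample (payload + zero padding); return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload + bytes(padding))
    return path


if __name__ == "__main__":
    # Constructed stand-in for an inflated installer: one real chunk, nine of padding.
    sample = make_sample(b"MZ" + (bytes(range(256)) * 256)[2:], 9 * CHUNK)
    print(triage(sample))
    os.remove(sample)
```

A low filler ratio proves nothing on its own, since padding can also be random data; the content-type check is the stronger signal here.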

Opening the executable launches the installer, which looks like a normal Windows installation wizard. However, its main purpose is to download and run another, more interesting executable. The second executable is an installer as well, and it even comes with a license agreement (which few people read) calling it a “Download manager for 86307_windows 11 build 21996.1 x64 + activator” and pointing out that it would also install some sponsored software. If we accept the agreement, a variety of malicious programs will be installed on our computer.

Kaspersky says it has detected several hundred infection attempts that used similar schemes related to Windows 11. A large part of that malware consists of downloaders, whose task is to download and run other programs.

At Microsofters, we recommend that you avoid downloading Windows 11 ISOs from dubious sources. The safest method is to download the update directly when you join the Windows Insider program. That way you have the guarantee that the downloads come directly from Microsoft.