27 July 2021

Fake Windows 11 installer tries to trick users into installing malware


Fake Windows 11 installer tries to trick users into installing malware

Microsoft’s newest operating system has not been released to general public yet, but those who are eager to try out the new OS can download and install preview versions of Windows 11. Unfortunately, scammers are also trying to take advantage of the excitement around the OS, according to Kaspersky researchers who discovered a fake Windows 11 installer making rounds on the internet.

Kaspersky said it blocked hundreds infection attempts that used Windows 11–related schemes, with a large portion of them being downloaders. In one such example, Kaspersky discovered an executable file called 86307_windows 11 build 21996.1 x64 + activator.exe, which appears to be related to Windows 11 installation and some sort of license activator.

This 1.75GB file, which contains a DLL file containing a lot of useless information launches a program that looks like a Windows installation wizard. This file, in turn, downloads and runs a second executable, which contains a license agreement.

If the user agrees to the terms of agreement, a variety of malware will be installed on their computer, ranging from relatively harmless adware to full-fledged Trojans, password stealers, and exploits, Kaspersky warned.


Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021