Hackers use leaked Windows 11 images to spread malicious programs

Before the official release for members of the Windows Insider program, the system image of Windows 11 was leaked onto the Internet. Attackers have since turned links to the leaked image into a weapon. According to Kaspersky reports, the Internet is full of ISO images containing malware.

A typical example reported by Kaspersky is the file 86307_ Windows 11 build 21996.1 x64 + activator.exe, which is 1.75GB in size. Although the size and the description make it look normal and credible, the file is actually made up of a DLL file that contains a lot of useless information.

Opening this executable launches an installer that looks like a normal Windows installation wizard. However, its main purpose is to download and run another executable. The second executable is also an installer; it even comes with a license agreement (which few people read) that calls it “86307_windows 11 builds 21996.1 x64+activator download manager” and points out that it will also install some sponsored software. If you accept the agreement, various malicious programs will be installed on your device.

Kaspersky stated that it has detected hundreds of infection attempts using similar programs posing as Windows 11. A large part of this malware consists of downloaders, whose task is to download and run other programs. These other programs vary widely, from relatively harmless adware (which Kaspersky's solution classifies as non-virus) to full-fledged Trojans, password stealers, exploits, and other unpleasant things.
