HomeWinBuzzer NewsWindows 11 Fake Previews Are Installing Malware on Target PCs

Windows 11 Fake Previews Are Installing Malware on Target PCs

Kaspersky has reported on threat actors using fake Windows 11 preview files to trick users into downloading malware.


's position as the leading enterprise software developer in the world means it is the biggest target for . That will be as true for as it is for , Windows 10, and other products. In fact, Windows 11 is already getting a taste of what is to come despite still being in preview ahead of a fall launch.

Specifically, some users who obtain unofficial IOS for the preview are getting malware infected files instead. This situation stems for permissions to access the Windows 11 preview. Since launching the preview in June, Microsoft has been rolling out a steady stream of updates. However, to access Windows 11 in preview, users must be part of the Insider Program Dev channel.

It seems some people do not want to be part of the Insider Program but still want access to the preview. So, they go online to find unofficial ISOs of preview builds for Windows 11. Threat actors seem to be targeting these users with malware infected files masquerading as Windows 11.

Security firm Kaspersky Lab reports on files that are mimicking Windows 11 previews to fool users. One such example is a fill named “86307_windows 11 build 21996.1 x64 + activator.exe”. It is available online pretending to provide access to Microsoft preview build. It even has a file size of 1.75GB to further suggest legitimacy.


Instead of holding Windows 11, it instead hosts a DLL file. When the file is installed, the package downloads an executable which provides a message saying as part of the license agreement, “sponsored programs” may be installed.

Now, many users may sport this message and know something is wrong. However, many people simply do not read these kinds of messages, especially if they think they know what they are getting. It a user ignores the message and agrees to the nefarious terms will soon find malware on their system.

According to Kaspersky, the malware differs across the spectrum of threats (trojans, adware, , spyware). The company says it has already taken down numerous attempts using this method.  

Of course, the company advises users to only download Windows 11 from official channels. At the moment, that means enrolling with the Windows Insider Program.

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts the OS' behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News