Kaspersky’s security products have recently blocked hundreds of malicious programs that masquerade as Windows 11 in an attempt to infect users' machines. Most of them include downloaders, whose main purpose is to download and execute other programs. The rest come in various forms, ranging from harmless ad programs to fully functional Trojan horses, password-stealing programs, exploit programs, and so on.
One of them is an executable file named 86307_windows 11 build 21996.1 x64 + activator.exe, which is intended to impersonate Windows 11. The file is up to 1.75GB in size, so it looks like a Windows 11 installation executable, but most of that space is taken up by a DLL file filled with a lot of useless information.
Opening this executable file starts an installation process that looks no different from the ordinary Windows installation wizard. In fact, it downloads and executes another executable file. The second executable file is also an installer, calling itself “86307_windows 11 build 21996.1 x64 + activator installation manager”, and it even has license terms, a text that is generally not read by anyone. It installs some sponsored software while installing Windows 11. If the user agrees to the terms and installs the fake Windows 11, various malicious programs will be installed on their machine.
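The 1.75GB file described above owes most of its size to filler. As an added example (not Kaspersky's code and not part of the original article), this Python triage check measures how much of a file consists of highly compressible filler, assuming the padding is repetitive data; the function names and thresholds are illustrative assumptions.

```python
import os
import tempfile
import zlib

CHUNK = 1 << 20         # inspect the file 1 MiB at a time
FILLER_RATIO = 0.05     # assumption: a chunk compressing below 5% is filler
SIZE_FLOOR = 100 << 20  # assumption: only files over 100 MiB are worth flagging


def filler_fraction(path, chunk=CHUNK, ratio=FILLER_RATIO):
    """Fraction of the file's bytes that sit in highly compressible chunks."""
    total = filler = 0
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            total += len(block)
            # Fast zlib level is enough to tell repetitive filler from real content.
            if len(zlib.compress(block, 1)) <= ratio * len(block):
                filler += len(block)
    return filler / total if total else 0.0


def looks_padded(path, size_floor=SIZE_FLOOR, threshold=0.8):
    """True when a file is both oversized and mostly filler."""
    return os.path.getsize(path) >= size_floor and filler_fraction(path) >= threshold


def demo():
    """Run the check on two constructed files (scaled down from gigabytes)."""
    with tempfile.TemporaryDirectory() as tmp:
        padded = os.path.join(tmp, "padded.bin")
        plain = os.path.join(tmp, "plain.bin")
        with open(padded, "wb") as fh:   # constructed: 1 MiB content + 9 MiB zeros
            fh.write(os.urandom(CHUNK) + bytes(9 * CHUNK))
        with open(plain, "wb") as fh:    # constructed: 2 MiB of dense content
            fh.write(os.urandom(2 * CHUNK))
        return (filler_fraction(padded), looks_padded(padded, size_floor=5 << 20),
                filler_fraction(plain), looks_padded(plain, size_floor=1 << 20))


if __name__ == "__main__":
    print(demo())
```

A high filler fraction is a triage signal rather than a verdict: filler made of random or already compressed data will not register, and legitimate installers can also contain sparse regions.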
Kaspersky urges users to download Windows 11 only from official sources. Currently, Windows 11 is only available to developers who join the Insider program, and they must register to download the technical preview version. In addition, only machines with Windows 10 installed can test Windows 11.
Because technical preview versions are unstable, both Microsoft and security vendors also recommend that they not be installed on a user's main computer.