Fake Windows 11 installer files caught installing Trojans and adware
What's the story
Earlier this year, Microsoft announced the discontinuation of Windows 10 as it launched its successor, Windows 11. At present, the operating system is exclusively available through the Developer channel of the Windows Insider Program.
However, bad actors are now distributing malware via fake Windows 11 installer files, capitalizing on the fact that most people's computers don't meet the hardware requirements for the Developer channel.
Compatibility
Windows 11's hardware requirements leave many computers ineligible
Linus Tech Tips devoted a video on YouTube to explain that Windows 11 wouldn't run on any CPU from before 2017. However, even with the latest hardware, I wasn't able to select the Developer channel of the Windows Insider Program.
Turns out that I need to have Secure Boot enabled in BIOS and a physical Trusted Platform Module (TPM) key plugged into the motherboard.
Off-limits
Microsoft hasn't yet released an ISO file for Windows 11
While switching on Secure Boot is easy enough, finding a TPM key isn't easy. When most people realize that workarounds are complicated and Microsoft isn't willing to give them an official copy of Windows 11 yet, they turn to third-party alternatives.
Moreover, Microsoft hasn't yet released an official ISO file for Windows 11 that would allow it to be installed on incompatible hardware.
Malicious intent
Counterfeit Windows 11 installers seek administrator privileges, install malware
XDA-Developers reported that people looking for an easy way out are highly likely to encounter fake Windows 11 installers that don't work as expected and also install malware on the computer.
These installers request administrator-level privileges to download and install adware and Trojans.
While adware just spews ads across your computer, Trojans are more dangerous and harder to remove completely from infected computers.
Rampant spread
One variant of malware packs 'Download Manager' that installs malware
XDA-Developers noted that the most rampant malware comes bundled with a file named 86307_windows 11 build 21996.1 x64 + activator.exe. Unsuspecting downloaders are led to believe that the 1.75GB file will install Windows 11 and subsequently activate it.
The file starts off as a normal installer but a second installer called Download Manager pops up, but accepting its meaningless agreement installs the malware.
Countermeasures
Windows Defender, antivirus could remove unknowingly installed malware
If you attempted to install Windows 11 through one of these malicious sources, we recommend you to use reputable antivirus software or Windows Defender to scan for and remove the malware.
Long story short, use the PC Health Check app to see if your computer can run Windows 11. Then enroll in Windows Insider Program's Developer channel for an official copy of Windows 11.
In short
Wait until you receive Windows 11 update from official sources
If you cannot join the Developer channel, sit tight until Microsoft releases an official Windows 11 ISO file that can be used to create a bootable USB drive.
If you're the impatient kind, try using UUP Dump like in Linus Tech Tips' video.
Lastly, if your hardware is incompatible and outdated, Microsoft will support Windows 10 until late 2025.