Kaspersky Has Detected and Blocked More Than 800 Threats Disguised as Windows 11

Be careful when updating! Malware spreads under the guise of the newest version of the most popular operating system.

Just one month after the introduction of Windows 11, Kaspersky has detected and blocked more than 800 attempts to infect users with various threats that pose as a free update to the new operating system.

On June 24, Microsoft officially introduced Windows 11, a new version of its operating system (OS) to be offered to PC owners this year. However, since the OS is already available for download and early adoption, Kaspersky has found that cybercriminals are already taking advantage of the interest in this update to distribute malware under the guise of Microsoft’s new operating system.

To learn more about how scammers prey on impatient Windows users, Kaspersky researchers analyzed malicious files that appeared to be the free update to Windows 11. Within the first month after the release of the new operating system alone, Kaspersky products detected and prevented 850 attempts to infect users through files carrying various threats disguised as Windows 11.

Kaspersky experts also highlighted the diversity of the threat landscape. They discovered relatively harmless downloaders and adware, which Kaspersky solutions classify as “non-viruses,” as well as fully developed Trojans, backdoors, and stealers (information thieves), whose function is to collect user secrets such as saved passwords or browser cookies.

For example, the company’s researchers found a malicious file with a size of 1.75 GB, leading the user to believe that it could actually be an operating system. This file contains a large amount of junk data that is not used in any way during installation. If a user opens this file, an installer starts that looks like a normal Windows installation wizard. Its main objective is to download and run a second installer, which in turn installs adware, potentially unwanted applications or other types of malware on the system. The most interesting thing is that, in this case, the user themselves gives permission to install all of that. This is what the fake Windows 11 installer looks like:

Example of a fake Windows 11 installer.

“The introduction of the new Windows 11 operating system is huge, attracting the interest of many users and technology enthusiasts. Recognizing this demand, scammers have quickly braced themselves and spread various types of malware that appear to be the new operating system. By getting excited about experiencing the new operating system, users are likely to pay less attention to the process and may therefore download files from third parties (something we recommend never doing). And, of course, the attackers would be delighted to offer their services,” says Anton V. Ivanov, a security expert at Kaspersky.

To avoid downloading malicious files that pose as a free Windows 11 update, Kaspersky recommends:

  • Be skeptical of news or offers about the new operating system that seem too generous.
  • Always check the authenticity of the websites you visit.
  • Only download operating systems from official stores.
  • Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection against a wide range of threats.