Researchers Describe Windows 11 Preview ScamMalware Distributed Using Fake Windows Installer
Although Microsoft is slated to release the Windows 11 operating system in December, it's already available for a limited pre-release preview. And cybercriminals are taking advantage of that, slipping malware to those downloading a fake demo version, according to security firm Kaspersky.
Those who download the fake OS face the risk of a variety of malicious programs being installed, Kaspersky researchers say.
Kaspersky says it also has defeated several hundred infection attempts that used similar Windows 11-related schemes. "A large portion of these threats consists of downloaders, whose task is to download and run other programs. Those other programs can be very wide-ranging - from relatively harmless adware, which our solutions classify as not-a-virus, to full-fledged Trojans, password stealers, exploits and other nasty stuff," the report notes.
Kaspersky researchers note that Windows 11 is officially available only to participants in the Windows Insider program, and the preview is available only for devices that have Windows 10 already installed.
"We don’t recommend running the update on your main computer; prebuilds can be unstable. We also advise you to use a reliable security solution and never disable it, so that cybercriminals cannot gain access to your computer through social engineering or vulnerabilities in the not-ready-for-primetime system," Kaspersky notes.
Threat actors frequently attempt to repackage installers for major software releases as a means to deliver malware, says Jake Williams, a former member of the National Security Agency's elite hacking team who now runs the cybersecurity consultancy Rendition Infosec.
"This technique is most likely to impact home users, since enterprise IT staff usually know how to obtain the software from official sources," he says. "It's good to note this isn't just an issue with Windows 11, but will be an issue with other prominent software packages as well.
"We've recently responded to incidents where users with local administrative permissions on their machines have installed everything from web browsers to office utilities, all bundled with malware. When this happens on a corporate machine, the response costs dwarf any inconvenience of waiting for IT, doubly so if victim notifications are required due to data being breached."
Windows 11 Requirements
To access Windows 11 security upgrades in December, users must have a computer running the TPM 2.0 security chip.
A TPM chip is a secure crypto-processor that carries out cryptographic operations. The chip includes physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM, Microsoft says.
Microsoft ceased supporting Windows 7 in January 2020. It has not offered a timeline for when support for Windows 10 might end.