You are here
Home > News > Kaspersky report: hackers use Windows 11 mirroring to spread malicious programs

Kaspersky report: hackers use Windows 11 mirroring to spread malicious programs

Before the official release for members of the Windows Insider project, the Windows 11 system image had already been sneaked off the Internet. The sneaked mirror link has also become an attack weapon in the eyes of hackers. According to Kaspersky’s report, the Internet is full of ISO images containing malware.

A typical example reported by Kaspersky is the 86307_Windows 11 build 21996.1 x64 + activator.exe file with a capacity of 1.75GB. Although it is very normal and credible from the perspective of capacity and text description, the file is actually composed of a DLL file, which contains a lot of useless information.




Opening this executable file will launch the installer, which looks like a normal Windows installation wizard. However, its main purpose is to download and run another executable file. The second executable file is also an installer, it even comes with a license agreement (few people read), calling it “86307_windows 11 build 21996.1 x64+activator download manager”, and pointed out that it will also install some sponsors software. If you accept the agreement, various malicious programs will be installed on your machine.




Kaspersky stated that they have detected hundreds of infection attempts using programs similar to Windows 11. A large part of these malware consists of downloaders whose task is to download and run other programs. These other programs can be very broad-from relatively harmless adware (which our solution classifies as non-virus) to mature Trojan horse programs, password stealers, vulnerabilities, and other annoying things.

Leave a Reply