Windows 11 leaked unofficially before Microsoft actually released it to Insiders 3 weeks ago. Unfortunately, this created a ready market for Windows 11 ISOs downloaded from unofficial sources, which Kaspersky reports often contain malware.
Kaspersky reports on one example, the 1.75 GB file "86307_windows 11 build 21996.1 x64 + activator.exe". At 1.75 GB the file size certainly looks plausible, but in fact the bulk of that space consists of one DLL file that contains a lot of useless information.
Opening the executable starts the installer, which looks like an ordinary Windows installation wizard. However, its main purpose is to download and run another, more interesting executable. The second executable is an installer as well, and it even comes with a license agreement (which few people read) calling it a “download manager for 86307_windows 11 build 21996.1 x64 + activator” and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine.
Kaspersky says they have detected several hundred infection attempts that used similar Windows 11–related schemes. A large portion of that malware consists of downloaders, whose task is to download and run other programs.
Those other programs can be very wide-ranging, from relatively harmless adware, which Kaspersky's solutions classify as not-a-virus, to full-fledged Trojans, password stealers, exploits, and other nasty stuff.
Given that Microsoft is making Windows 11 freely available, the best way to acquire the software is to join the Windows 11 Insider program, which can be done by simply visiting the Update and Security tab in the Windows 10 Settings app and scrolling down to Windows Insider Program.