
Unofficial Windows 11 installer infects PCs with malware

Published Apr 19th, 2022 4:22PM EDT


An unofficial Windows 11 upgrade is making the rounds. Users looking to upgrade their PC from Windows 10 to Windows 11 will want to keep an eye out for this unofficial installer. When downloaded and activated, the installer infects the target PC with info-stealing malware.

This unofficial Windows 11 upgrade will steal your private info


BleepingComputer says the campaign is currently active, and it’s trying to “poison search results” to push users to download the infected file. The unofficial Windows 11 upgrade is downloaded via a site that is meant to mimic Microsoft’s official website. Eagle-eyed users should note that the URL is quite different from what you’d see if visiting Microsoft’s website, though.

When users press the download button, they are given an ISO file that harbors the malware inside of it. If the user opens the ISO file, then the malware is installed, giving bad actors access to their information. A group of threat researchers at CloudSEK analyzed the malware and shared the results in a report with BleepingComputer.

CloudSEK named the malware in the unofficial Windows 11 upgrade Inno Stealer. The researchers on the project say that it doesn’t seem to share any code with other info-stealers out there. Additionally, they’ve found no evidence of the malware being uploaded to the VirusTotal scanning platform.

How the malware infects your computer


CloudSEK says the loader file hides in the “Windows 11 setup” executable found inside the ISO. When launched, it creates a temporary file named is-PN131.tmp. It then creates another .TMP file, which the loader uses to write 3,078 KB of data to your PC. The loader then spawns a new process using the Windows API. Altogether, the Inno Stealer creates four different files on your system.

The Inno Stealer included in the unofficial Windows 11 upgrade then targets browsers and cryptowallets. Some of the targeted items include Chrome, Opera, Brave, and Vivaldi, as well as wallet sites like wallet-backup\\, WalletWasabi, and wallet.dat. As such, it puts both your account info and cryptowallets at risk.
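For defenders, the behavior described above can be turned into a simple correlation rule. The following is an added example, not code from CloudSEK, BleepingComputer, or this article: it flags a process that runs from an `is-XXXXX.tmp` temp path and reads several of the browser and wallet targets named above. The event schema, sample paths, PIDs, and the five-character name pattern (generalized from is-PN131.tmp) are assumptions.

```python
import re
from collections import defaultdict

# Assumption: temp names follow the shape of the reported "is-PN131.tmp",
# appearing either as the image file itself or as a folder in its path.
INNO_TMP = re.compile(r"\\is-[0-9a-z]{5}\.tmp(\\|$)", re.IGNORECASE)

# Targets named in the article: four browsers and three wallet artifacts.
TARGETS = ("chrome", "opera", "brave", "vivaldi",
           "wallet-backup", "walletwasabi", "wallet.dat")

# Constructed sample events (hypothetical schema): (pid, process image, file read).
EVENTS = [
    (4120, r"C:\Users\al\AppData\Local\Temp\is-PN131.tmp",
           r"C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, r"C:\Users\al\AppData\Local\Temp\is-PN131.tmp",
           r"C:\Users\al\AppData\Roaming\Opera Software\Opera Stable\Login Data"),
    (4120, r"C:\Users\al\AppData\Local\Temp\is-PN131.tmp",
           r"C:\Users\al\AppData\Roaming\Bitcoin\wallet.dat"),
    # A benign installer also runs from an is-*.tmp folder but reads only its own files.
    (5300, r"C:\Users\al\AppData\Local\Temp\is-A1B2C.tmp\setup.tmp",
           r"C:\Program Files\Editor\readme.txt"),
    # The browser reading its own profile is expected and is not a temp image.
    (812,  r"C:\Program Files\Google\Chrome\Application\chrome.exe",
           r"C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]

def suspicious_pids(events, min_targets=2):
    """Return {pid: sorted targets} for temp-image processes that read
    at least `min_targets` distinct browser or wallet locations."""
    hits = defaultdict(set)
    for pid, image, path in events:
        if not INNO_TMP.search(image):
            continue  # only processes running from an is-XXXXX.tmp path
        lowered = path.lower()
        hits[pid].update(t for t in TARGETS if t in lowered)
    return {pid: sorted(t) for pid, t in hits.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for pid, targets in suspicious_pids(EVENTS).items():
        print(f"ALERT pid={pid} temp-image process read: {', '.join(targets)}")
```

The temp-name pattern alone would also match ordinary installers, which is why the rule only alerts when such a process also reads browser or wallet data.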

Because the Inno Stealer gets so much access to your information, we highly recommend avoiding unofficial Windows 11 upgrade options. We understand that many want to install Windows 11 on computers that don’t technically meet the requirements. And there are ways to get around that.

But if you want to protect your data, you should only download Windows 11 using your computer’s built-in upgrade system. Or, you can always go directly to Microsoft’s website. Never download from a third-party source.

Josh Hawkins has been writing for over a decade, covering science, gaming, and tech culture. He also is a top-rated product reviewer with experience in extensively researched product comparisons, headphones, and gaming devices.

Whenever he isn’t busy writing about tech or gadgets, he can usually be found enjoying a new world in a video game, or tinkering with something on his computer.