Unofficial Windows 11 installer infects PCs with malware



An unofficial Windows 11 upgrade installer is circulating. Users looking to upgrade their PC from Windows 10 to Windows 11 should watch out for it. Once downloaded and run, the installer infects the target PC with information-stealing malware.


This Unofficial Windows 11 Update Will Steal Your Private Information


BleepingComputer says the campaign is currently active and is trying to “poison search results” to trick users into downloading the infected file. The unofficial Windows 11 upgrade is downloaded through a site meant to imitate the official Microsoft website. Eagle-eyed users should note, however, that the URL is quite different from what you would see if you visited Microsoft’s website.
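The URL difference described above can be checked mechanically rather than by eye. The following Python sketch is an added example, not code from the article or from CloudSEK; the allow-list, the HTTPS-only policy and the `.example` lookalike URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains treated as official for this example.
OFFICIAL_DOMAINS = {"microsoft.com"}


def official_host(url):
    """Return the hostname if the URL points at an official domain, else None."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":        # assumed policy: HTTPS downloads only
        return None
    host = parts.hostname              # lower-cased, userinfo and port removed
    if not host:
        return None
    host = host.rstrip(".")            # tolerate a fully qualified trailing dot
    try:
        host.encode("ascii")           # reject homoglyph (non-ASCII) hostnames
    except UnicodeEncodeError:
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return None                    # reject punycode-encoded labels as well
    for domain in OFFICIAL_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return host
    return None


# Constructed sample URLs; the lookalikes use the reserved .example TLD.
SAMPLES = [
    "https://www.microsoft.com/software-download/windows11",
    "HTTPS://WWW.MICROSOFT.COM./software-download/windows11",
    "https://www.microsoft.com.windows11-upgrade.example/download",
    "https://www.microsoft.com@windows11-upgrade.example/setup.iso",
    "https://windows11-upgrade.example/www.microsoft.com/",
    "https://notmicrosoft.com/windows11",
    "https://micr\u043esoft.com/windows11",   # Cyrillic letter in place of "o"
    "http://www.microsoft.com/software-download/windows11",
]


def triage(urls):
    """Map each URL to the official hostname it resolves to, or None."""
    return {u: official_host(u) for u in urls}


if __name__ == "__main__":
    for url, host in triage(SAMPLES).items():
        print("OK  " if host else "DENY", url)
```

Only the first two samples pass: the others place the Microsoft name in a subdomain label, the userinfo, the path, a longer domain or a homoglyph, which is how an imitation site can look right at a glance.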

When users press the download button, they get an ISO file that contains the malware. If the user opens the ISO file, the malware is installed, giving malicious actors access to their information. A group of CloudSEK threat researchers analyzed the malware and shared the findings in a report with BleepingComputer.

CloudSEK named the malware in the unofficial Windows 11 upgrade Inno Stealer. The researchers say it doesn’t appear to have code similar to other information stealers. Moreover, they found no evidence that the malware has been uploaded to the VirusTotal scanning platform.

How malware infects your computer


CloudSEK says the loader file is hiding in the “Windows 11 Setup” executable found inside the ISO. When launched, it creates a temporary file named is-PN131.tmp. It then creates another .TMP file allowing the loader to write 3078 KB of data to your PC. The loader then spawns a new process using the Windows API. In total, Inno Stealer creates four different files in your system.

The Inno Stealer included in the unofficial Windows 11 update then targets browsers and cryptowallets. Some of the targeted items include Chrome, Opera, Brave, and Vivaldi, as well as wallet sites such as wallet-backup, WalletWasabi, and wallet.dat. As such, it puts both your account information and cryptowallets at risk.

Since Inno Stealer has so much access to your information, I strongly recommend that you avoid unofficial Windows 11 upgrade options. We understand that many want to install Windows 11 on computers that do not technically meet the requirements. And there are ways around it.

But if you want to protect your data, you should only download Windows 11 using your computer’s built-in upgrade system. Or, you can always go directly to the Microsoft website. Never download from a third-party source.
