Skip to main content
  1. Home
  2. Computing
  3. News

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

A fake Windows update site is tricking users into installing malware

By
Add as a preferred source on Google
malwarebytes laptop
Malwarebytes

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website (microsoft-update.support) that pretends to offer a cumulative update for Windows 24H2 but actually delivers password-stealing malware.

The entire page is dressed up to look official, and even uses proper KB-style reference and downloads an 83MB MSI file called Windowsupdate1.0.0.msi that looks quite legit even in the file properties.

What the malware actually does

The Malwarebytes logo against a white background.
Malwarebytes

The site is currently written in French, which suggests that the scam is currently targeting French-speaking users first. But Malwarebytes warns that these operations can spread quickly. The installer itself was built with the legitimate WiX Toolset, and its metadata is spoofed to make it look Microsoft-made. This helps it blend in both for users and for some basic security checks.

Recommended Videos

The MSI drops an Electron-based app into the user’s AppData folder, then launches additional components, including a disguised Python runtime. From there, the malware then pulls in tools and packages associated with data theft, like components used for encryption, process inspection, and deeper Windows access. The firm says the malicious code also targets Discord by modifying its files to intercept login tokens, payment details, and two-factor authentication changes.

malwarebytes laptop
Malwarebytes

Malwarebytes says it also fingerprints victims by checking IP and geolocation, contacts command-and-control infrastructure hosted through Render and Cloudflare Workers, and uploads stolen data through Gofile.

Why you should heed this warning

An unsettling detail uncovered in the report is that, at the time Malwarebytes analyzed it, the main executable and launcher showed zero detections across dozens of antivirus engines on VirusTotal. The company says that it is because the malware hides its logic inside obfuscated JavaScript, legitimate Electron components, and runtime-delivered Python tooling instead of one obviously malicious binary. So basically, do not fall for this fake Windows support site. It is not helping you patch your PC. It is trying to rob it.

Vikhyaat Vivek
Vikhyaat Vivek
Vikhyaat Vivek is a tech journalist and reviewer with seven years of experience covering consumer hardware, with a focus on…
Topics
Android will now warn you if someone is using AI to fake your contact’s voice on a call
Google's fake call detection is the first time a phone platform has built a real-time cryptographic defense against AI voice cloning scams.
Android fake call detection featured.

Yes, advancements in AI help people from different walks of life, but they have some cons. One of the most exploited con has been AI voice cloning. Over the years, it has reached the point where most people can no longer tell a deepfake voice from a real one. 

Scammers already know this, and they’ve been spoofing users’ contacts, cloning their voice, and committing financial frauds for quite some time. Android's new fake call detection is designed to stop that exact scenario before it costs you.

Read more
Qualcomm’s Snapdragon X2 Elite finally lands in a mini PC, and it looks like Windows’ answer to the Mac mini
Qualcomm Snapdragon X2 Featured Image Render

For the past two years, Qualcomm's Snapdragon X series has largely been confined to notebooks. The chips delivered impressive battery life and surprisingly competitive performance, but they never got the chance to challenge compact desktop machines like Apple's Mac mini or even the more powerful Mac Studio. The Ascent QN10 changes that.

Packing the 18-core Snapdragon X2 Elite processor alongside Qualcomm's integrated Adreno GPU, the tiny desktop also becomes the world's first mini PC to offer 80 TOPS of AI performance through its dedicated Hexagon NPU. So, ASUS is introducing a new form factor for Qualcomm's most powerful PC silicon.

Read more
Amazon announces Prime Day sales date and it’s happening a tad earlier this year
Amazon moved Prime Day to June for the first time, quietly positioning it ahead of the back-to-school season.
Electronics, Computer, Tablet Computer

Amazon Prime Day is back, it is four days long again, and, for the first time in Prime Day’s history, it’s kicking off in June rather than July. 

So, if you spent last summer waiting until mid-July to buy that thing at a discounted price, you now have about two fewer weeks to make up your mind.

Read more