This fake Windows support website delivers password-stealing malware

Status
Not open for further replies.

Gandalf_The_Grey
Thread author
A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.

We spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
 
Blocked by NextDNS due to:

  1. AI-Driven Threat Detection
  2. Block Newly Registered Domains (NRDs)
  3. HaGeZi Multi Ultimate
 
Also by Cloudflare Zero Trust, Kaspersky and a few others.
Anyway, the site is not active anymore.
I wanted to see what blocked it for me, whether it was Hagezi's list or the Cloudflare category. It was indeed the Cloudflare malware category (it has priority over Hagezi Pro++).

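For anyone who wants to reproduce the kind of check the blocklists above are doing, here is a small defender-side script (added example, not code from the thread or from NextDNS, Cloudflare or Kaspersky). It refangs the indicator quoted in the article, microsoft-update[.]support, and scans a few constructed DNS query log lines for two of the signals mentioned in the thread: a brand token appearing in a domain the brand does not own (lookalike / typosquat) and a registrable domain that shows up in a newly-registered-domain feed. The log format, the brand allow-list, the NRD feed and its registration date are all assumptions made up for the demo.

```python
"""Flag brand-impersonating and newly registered domains in DNS query logs.

Added example for this thread; not code from the thread or from any product
mentioned in it. Log lines, brand list and NRD feed are constructed; the only
indicator taken from the thread is microsoft-update[.]support.
"""
import re
from datetime import date

# Brand tokens to protect, mapped to registrable domains the brand legitimately
# uses. Constructed allow-list; extend it for your own environment.
PROTECTED_BRANDS = {
    "microsoft": {"microsoft.com", "windowsupdate.com", "microsoftonline.com"},
}

# Constructed stand-in for a newly-registered-domain (NRD) feed:
# registrable domain -> registration date. The date is a placeholder.
NRD_FEED = {
    "microsoft-update.support": date(2025, 1, 10),
}

# Reference "today" for the demo so the NRD age check is deterministic.
REFERENCE_DATE = date(2025, 1, 20)

# Assumed log format: "<timestamp> <client-ip> query <qname> <qtype>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+) (?P<qtype>\S+)$")

# Constructed sample log: one legitimate Microsoft lookup, the lookalike from
# the thread, and an unrelated domain.
SAMPLE_LOG = [
    "2025-01-20T09:12:01Z 10.0.0.5 query update.microsoft.com A",
    "2025-01-20T09:12:07Z 10.0.0.5 query microsoft-update.support A",
    "2025-01-20T09:13:44Z 10.0.0.9 query cdn.example.net AAAA",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'microsoft-update[.]support' into a plain domain."""
    return (indicator.replace("[.]", ".").replace("(.)", ".")
            .replace("hxxp", "http").lower().strip("."))


def registrable_domain(fqdn: str) -> str:
    """Last two labels of the name. Enough for the demo; use a public-suffix list in production."""
    labels = fqdn.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_brand(fqdn: str):
    """Return the brand a domain impersonates, or None if it is a genuine brand domain / no brand token."""
    reg = registrable_domain(fqdn)
    for brand, legit in PROTECTED_BRANDS.items():
        if reg in legit:
            return None            # genuine brand-owned domain
        if brand in fqdn.lower():
            return brand           # brand token outside the brand's own domains
    return None


def scan_dns_log(lines, today: date, nrd_days: int = 30):
    """Parse log lines and return (qname, reasons) for every suspicious query name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue               # skip lines that do not match the assumed format
        qname = m.group("qname").rstrip(".")
        reasons = []
        brand = lookalike_brand(qname)
        if brand:
            reasons.append(f"lookalike of {brand}")
        registered = NRD_FEED.get(registrable_domain(qname))
        if registered and (today - registered).days <= nrd_days:
            reasons.append("newly registered domain")
        if reasons:
            hits.append((qname, reasons))
    return hits


def demo():
    """Run the scan over the constructed sample log with the fixed reference date."""
    return scan_dns_log(SAMPLE_LOG, REFERENCE_DATE)


if __name__ == "__main__":
    print("refanged indicator:", refang("microsoft-update[.]support"))
    for qname, reasons in demo():
        print(f"{qname}: {', '.join(reasons)}")
```

With the constructed feed, only microsoft-update.support is reported, with both reasons; update.microsoft.com passes because its registrable domain is on the brand's allow-list, which is the check that keeps a brand-token heuristic from blocking the real Windows Update servers.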
 