A fake Microsoft support website is tricking users into downloading a malicious file disguised as a standard Windows update. This malware is specifically designed to steal sensitive data like passwords and payment information while successfully evading most security software.
Cybercriminals have launched a deceptive campaign using a typosquatted domain that mimics an official Microsoft support page to distribute malware. The website is currently localized in French and specifically targets users by offering a fake cumulative update for Windows version 24H2. To increase the appearance of legitimacy, the page includes a plausible KB article number and a prominent blue download button that mirrors the authentic Microsoft interface.
The primary goal of this attack is to trick individuals into manual installation by making the process look like a routine system maintenance task. Because the site is professionally designed, it can easily fool even cautious users who believe they are improving their system security. Once the user clicks the download button, they are not receiving a patch but are instead granting the malware entry into their operating system.
Once the malicious file is executed, it begins its work of harvesting private information from the infected device. The malware is programmed to target credentials stored in browsers, financial details, and various account access tokens. By compromising these data points, the attackers can gain full control over the victim's digital identity and financial assets without their immediate knowledge.
What makes this particular campaign so dangerous is its ability to remain undetected by many traditional security tools. The file is crafted to appear as a legitimate system component, allowing it to bypass standard antivirus scans and behavioral analysis. This high level of stealth ensures that the malware can operate in the background for extended periods while it continues to exfiltrate data.
While the current version of the site is in French, these types of social engineering schemes often expand to other languages and regions very quickly. Users are advised to only obtain Windows updates through the official settings menu on their devices rather than following links from external websites. Relying on built-in system tools remains the most effective way to avoid falling victim to these sophisticated imitation sites.
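As an added example (not from the original article or from Malwarebytes), the Python below triages download URLs, for instance from proxy or DNS logs, by checking whether the host actually belongs to a Microsoft domain or only imitates one, as the typosquatted support page does. The allowlist, brand tokens, homoglyph map and sample URLs are assumptions constructed for illustration; the campaign's real domain is not given on this page.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains Microsoft serves updates and support from.
OFFICIAL = {"microsoft.com", "windowsupdate.com"}
BRANDS = ("microsoft", "windows")
# Digit-for-letter swaps commonly seen in lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(url: str) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for a download URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Match on a label boundary so "evilmicrosoft.com" does not pass.
    owned = any(host == d or host.endswith("." + d) for d in OFFICIAL)
    if owned and parts.scheme == "https":
        return "official"
    # Non-ASCII or punycode labels can hide visually identical characters.
    if not host.isascii() or "xn--" in host:
        return "suspicious"
    for token in host.translate(HOMOGLYPHS).replace("-", ".").split("."):
        for brand in BRANDS:
            if brand in token or edit_distance(token, brand) <= 2:
                return "suspicious"
    return "unrelated"


# Constructed sample URLs (reserved .example TLD), not indicators from the campaign.
SAMPLES = [
    "https://support.microsoft.com/fr-fr/help",
    "https://support-micros0ft.example/fr-fr/kb",
    "https://microsoft.com.updates.example/win24h2",
    "https://micorsoft-update.example/download",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

A "suspicious" verdict is a triage signal for review, not proof of malice, and the allowlist should be adjusted to the update endpoints your environment actually uses.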
Source: https://www.malwarebytes.com/blog/scams/2026/04/this-fake-windows-support-website-delivers-password-stealing-malware



