A fake Windows update page has been found to host password-stealing malware

If you’ve ever clicked “Check for updates” and believed what you saw, you’re not alone. That’s exactly what this latest scam is counting on.
The page mimics official branding, includes a credible knowledge base number and offers a big blue download button that feels familiar.
The catch? The download includes malware designed to steal passwords, payment information and account access.
According to researchers at Malwarebytes Labs, the cybersecurity research and threat intelligence team within Malwarebytes, the site uses a typosquatted domain that looks close enough to Microsoft’s real URL to fool a quick glance. That little trick is often all it takes.
Cybersecurity researchers are warning a fake Microsoft site is using a fake URL and a generic download button to deliver data-stealing malware. (Michael Nagle/Bloomberg via Getty Images)
Why this Windows malware slips past detection
At first glance, nothing seems off. The file looks like a standard Windows installer. It even says “Microsoft” in its properties. This is where the attack gets clever. Instead of using plainly malicious code, the attackers built the installer from legitimate tools and layered the attack on top of them. Each step looks harmless on its own.
Here’s what happens behind the scenes:
- The installer launches what appears to be a normal app
- That app silently runs hidden scripts
- The hidden process loads a full Python environment
- Data theft tools run in the background
Because each step looks so routine, many security tools fail to flag it right away. The researchers also noted that antivirus engines initially showed zero detections for key components of the attack. That doesn’t mean the file is safe. It means that the bad behavior is well hidden.
What this fake Windows update malware steals
Once installed, the malware starts working immediately. It collects information about the infected device, including location and IP address. It then accesses remote servers to receive instructions and upload the stolen data.
Targets include:
- Saved browser passwords
- Login sessions and cookies
- Payment details
- Discord account tokens
It also tries to close other processes on your system to avoid interruptions while it is running. In some cases, it modifies apps like Discord to capture account activity in real time.
How the fake Windows update malware stays on your system
This malware is designed to be persistent. It creates entries that look like normal system processes, so they blend in. One registry entry mimics Windows Security Health, which most users would ignore. It also drops a shortcut into your Startup folder with a generic name like Spotify. That makes it easy to overlook. Two different persistence strategies mean it can survive reboots and continue to work.

A fake Windows update page tricks users into downloading malware that steals passwords, payment information and account access. (Beata Zawrzel/NurPhoto)
Why this Windows update scam sounds real
There is a bigger trend behind this. Researchers say campaigns like this one tend to target regions where major data breaches have already exposed personal information. Once attackers know your name, provider or habits, they can create scams that feel tailored to you. That makes a fake Windows update page more believable than a phishing email.
It also highlights something important. Today’s malware often hides inside legitimate tools and trusted frameworks. That makes it harder to see and easier to trust. This campaign shows how far fraudsters have gone. They no longer depend on sloppy emails or obvious fake links. Instead, they create layered attacks that look and behave like legitimate software.
Even experienced users can be caught off guard when everything seems normal. The biggest takeaway is simple. A clean scan result or a standard interface does not guarantee security.
Microsoft says it is aware of the threat
Microsoft confirmed that it tracks this type of activity and urges users to be careful when downloading updates from unfamiliar sources.
“We are aware of reports of fraudulent websites impersonating Microsoft, and we are working diligently to detect and disrupt malicious activity across the Internet,” a Microsoft spokesperson told CyberGuy. “We encourage customers to be aware of unexpected or downloaded information and to ensure that they are dealing with legitimate Microsoft domains. As a best practice, we recommend that users verify the validity of a link by going directly to our website from your saved favorites, from a web search, or by typing in the domain name yourself.”
For more guidance on protecting against online phishing scams, you can refer to Microsoft’s official support page at support.microsoft.com.

The Windows update verification scam distributes malware that can capture saved passwords, cookies, payment data and Discord tokens. (Photos by Todor Tsvetkov/Getty)
Ways to stay safe from Windows update malware
You don’t need to be a security expert to avoid this. A few habits make a big difference.
1) Update Windows only in your settings
Go to Settings > Windows Update and check for updates there. Avoid downloading updates from websites.
2) Double check the URL
Genuine Microsoft pages use microsoft.com. Anything else, even if it looks close, should raise a red flag.
3) Be wary of urgent update instructions
If a site or message pressures you to install an update, stop and confirm it manually.
4) Use strong antivirus software that detects behavior
Conventional antivirus software, which often comes built into your phone or as basic security software, mostly looks for known threats using signature matching, meaning it can miss new or well-disguised attacks like this. Solid antivirus software uses behavioral detection to monitor what programs are doing in real time, helping to flag suspicious activity even if malware has never been detected before. Find my picks for the best antivirus 2026 winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
5) Use a data removal service to limit your exposure
If your personal information is already floating around the Internet from a past breach, it can make scams like this even more believable. A data removal service helps reduce how much of your information is publicly available, making it harder for attackers to target you for phishing attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com.
6) Turn on two-factor authentication
Two-factor authentication (2FA) adds a second layer of protection if your passwords are stolen.
7) Avoid downloading installer files from unknown sites
Official updates rarely need to be downloaded manually.
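The domain check from step 2, taken a little further than the rule of thumb, as an added example that is not from the article or from Malwarebytes: a Python classifier that accepts only microsoft.com and its true subdomains and flags near-miss spellings, brand-in-subdomain tricks and the userinfo trick. The sample URLs are constructed on the reserved .example TLD, and the edit-distance threshold of 2 is an assumption.

```python
import re
from urllib.parse import urlsplit

BRAND = "microsoft"        # name being imitated
TRUSTED = "microsoft.com"  # the domain the article names as genuine

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values mean a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tokens(netloc: str):
    """Yield words from userinfo and host labels, decoding punycode labels."""
    for label in re.split(r"[.@:]", netloc.lower()):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # keep the raw label if it is not valid punycode
        yield from (t for t in label.split("-") if t)

def classify(url: str) -> str:
    """Return 'genuine', 'lookalike' or 'unrelated' for a URL's domain."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match or a true subdomain; "notmicrosoft.com" must not pass.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "genuine"
    for tok in tokens(parts.netloc):
        if BRAND in tok or edit_distance(tok, BRAND) <= 2:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample URLs on the reserved .example TLD, not real indicators.
    for u in ("https://support.microsoft.com/windows",
              "https://microsoft.com.win-update.example/kb",
              "https://rnicrosoft.example/update",
              "https://microsoft.com@updates.example/kb",
              "https://updates.example/"):
        print(f"{classify(u):10} {u}")
```

A "lookalike" result means the name imitates Microsoft without being on its domain; "unrelated" is still not a place to download Windows updates from.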
Kurt’s key takeaway
Fake updates are some of the most effective tactics because they tap into something we all trust. Keeping your system secure shouldn’t put you at risk, yet that’s exactly what attackers are exploiting here. The safest move is to slow down, verify where updates are coming from and stick to built-in tools whenever possible.
Are tech companies doing enough to keep fake updates from putting your data at risk? Let us know by writing to us at Cyberguy.com.
Copyright 2026 CyberGuy.com. All rights reserved.



