Fake Windows update page found to install password-stealing malware

If you clicked “Check for updates” and trusted what you saw, you’re not alone. That’s exactly what this latest scam is based on.
The page mimics official branding, includes a convincing knowledge base number, and features a familiar-looking big blue download button.
The catch? The download installs malware designed to steal passwords, payment details and account access.
The site uses a misspelled domain name that appears close enough to a real Microsoft URL to fool a quick glance, according to researchers at Malwarebytes Labs, a cybersecurity research and threat intelligence team within Malwarebytes. This little trick is often all it takes.
Cybersecurity researchers warn that a fake Microsoft update site is using a similar URL and familiar download button to deliver data-stealing malware. (Michael Nagle/Bloomberg via Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent safety alerts and special deals straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit: CyberGuy.com – Trusted by millions of people who watch CyberGuy on TV every day.
- Plus, when you join you’ll get instant access to my Ultimate Scam Survival Guide for free.
Why can’t this fake Windows update malware be detected?
At first glance, nothing seems wrong. The file looks like a standard Windows installer. It even lists “Microsoft” in its properties. Here’s where this attack is clever. Rather than using obviously malicious code, the attackers built the installer with legitimate tools and layered the attack in phases. Each piece seems harmless on its own.
Here’s what’s happening behind the scenes:
- The installer launches what looks like a normal application
- This app silently runs hidden scripts
- A hidden process loads a full Python environment
- Data theft tools activate in the background
Most security tools fail to flag this right away because each step seems routine. The researchers also noted that antivirus engines initially showed zero detection of key parts of the attack. This does not mean that the file is safe. This means that malicious behavior is well hidden.
What this fake Windows update malware steals
Once installed, the malware starts working quickly. It collects details about the infected device, including location and IP address. It then reaches out to remote servers to receive instructions and upload the stolen data.
Targets include:
- Saved browser passwords
- Login sessions and cookies
- Payment details
- Discord account tokens
It even tries to shut down other processes on your system to prevent interference while it’s running. In some cases, it replaces apps like Discord to capture account activity in real time.
How does fake Windows update malware stay on your system?
This malware is designed to be persistent. It creates entries that resemble normal system processes, so they blend in. A registry entry mimics Windows Security Health, which most users will ignore. It also drops a shortcut in your startup folder with a familiar name like Spotify. This makes it easy to overlook. Two different persistence tricks mean it can survive a reboot and continue working.
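The two persistence tricks described above suggest a simple triage rule for autorun inventories: a familiar name is only credible if it points at the genuine program. This is an added example, not code from the article or from the researchers; the expected install paths, the user-writable folder list and every sample record are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from ntpath import basename

# Names the article says the malware imitates -> where the genuine program
# normally lives (assumed default install paths, lower-cased).
EXPECTED = {
    "securityhealth": r"c:\windows\system32\securityhealthsystray.exe",
    "spotify": r"c:\users\*\appdata\roaming\spotify\spotify.exe",
}
INTERPRETERS = {"python.exe", "pythonw.exe"}   # the article mentions a bundled Python
USER_WRITABLE = ("\\appdata\\", "\\temp\\")    # assumed list of user-writable folders

def target_of(command):
    """Executable path of a Run value or shortcut target, arguments dropped."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).lower() if m else ""

def triage(entries):
    """Return (location, name, reason) for each autorun entry worth a closer look."""
    findings = []
    for e in entries:
        name = re.sub(r"[\s_-]", "", e["name"]).lower()
        path = target_of(e["command"])
        for brand, expected in EXPECTED.items():
            if brand in name and not fnmatchcase(path, expected):
                reason = f"uses the name '{brand}' but runs {path}"
                findings.append((e["location"], e["name"], reason))
        if basename(path) in INTERPRETERS and any(d in path for d in USER_WRITABLE):
            reason = "starts a Python interpreter from a user-writable folder"
            findings.append((e["location"], e["name"], reason))
    return findings

# Constructed records, in the shape an autorun inventory export might have.
SAMPLE = [
    {"location": "HKLM Run", "name": "SecurityHealth",
     "command": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"location": "HKCU Run", "name": "Security Health",
     "command": r'"C:\Users\alice\AppData\Local\Temp\rt\pythonw.exe" main.py'},
    {"location": "HKCU Run", "name": "Spotify",
     "command": r'"C:\Users\alice\AppData\Roaming\Spotify\Spotify.exe"'},
    {"location": "Startup folder", "name": "Spotify.lnk",
     "command": r"C:\Users\alice\AppData\Roaming\upd\launcher.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```

Unquoted paths that contain spaces are cut at the first space by `target_of`, so such entries need their command normalized before triage.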

A fake Windows update page directs users to download malware that steals passwords, payment details and account access. (Beata Zawrzel/NurPhoto)
Why does this fake Windows update scam feel so real?
There is a larger trend behind this. Researchers say campaigns like this often target regions where major data breaches have already exposed personal information. When attackers already know your name, provider, or habits, they can create scams designed specifically for you. This makes a fake Windows update page much more believable than a generic phishing email.
It also underlines something important. Today’s malware often hides inside legitimate tools and trustworthy frameworks. This makes it harder to detect and easier to trust. This campaign shows how far scammers have come. They no longer rely on sloppy emails or obvious fake links. Instead, they create layered attacks that look and behave like trustworthy software.
Even experienced users can be caught off guard when everything seems normal. The biggest takeaway is simple. A clean scan result or a familiar interface does not guarantee security.
Microsoft says it is aware of the threat
Microsoft has confirmed that it monitors such activity and urges users to be careful when downloading updates from unknown sources.
“We are aware of reports of fraudulent websites impersonating Microsoft and are actively working to detect and block malicious activity across the internet,” a Microsoft spokesperson told CyberGuy. “We recommend that our customers be wary of unexpected prompts or downloads and verify that they are interacting with legitimate Microsoft domains. As a best practice, we recommend that users verify the legitimacy of a link by going directly to our website from your own saved favorites, web search, or by typing the domain name yourself.”
For more guidance on how to protect against online phishing scams, you can refer to Microsoft’s official support page at: support.microsoft.com.

A convincing Windows update scam spreads malware that can hijack saved passwords, cookies, payment data and Discord tokens. (Todor Tsvetkov/Getty Images)
How to protect yourself from fake Windows update malware
You don’t need to be a security expert to prevent this. A few habits make a big difference.
1) Update Windows only from your settings
Go to Settings > Windows Update and check for updates there. Avoid downloading updates from websites.
2) Check the URL again
Real Microsoft pages use microsoft.com. Anything else, even if it looks close, should raise a red flag.
3) Be wary of urgent update prompts
If a site or message is pressuring you to install an update, stop and manually verify the update.
4) Use strong antivirus software with behavioral detection
Traditional antivirus software, which usually comes built into your device or as basic security software, essentially looks for known threats using signature matching. This means it can miss new or well-disguised attacks like this. Strong antivirus software uses behavioral detection to monitor what programs are doing in real time, helping flag suspicious activity even if the malware has not been seen before. Get my picks for the 2026 winners for the best antivirus protection for your Windows, Mac, Android, and iOS devices at: cyberguy.com.
5) Use a data removal service to limit your exposure
If your personal information is already floating around online due to past breaches, it can make scams like this more believable. A data removal service helps reduce how much of your information is publicly available and makes it harder for attackers to target you with specific phishing attempts. Check out my top picks for data removal services and run a free scan to see if your personal information is already on the internet by visiting: cyberguy.com
6) Turn on two-factor authentication
Two-factor authentication (2FA) adds a second layer of protection in case your passwords are stolen.
7) Avoid downloading installer files from unknown sites
Legitimate updates rarely require manual download.
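Tip 2's URL check, applied to the misspelled-domain trick described at the top of the article, can be automated in a mail filter or proxy rule. This is an added example, not code from the article or from Microsoft; the two-edit threshold is an assumption, the sample URLs are constructed on reserved .example names, and punycode (IDN) lookalikes are out of scope.

```python
from urllib.parse import urlsplit

BRAND = "microsoft"        # label the fake site imitates
TRUSTED = "microsoft.com"  # domain the article names as genuine

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for a URL or bare hostname."""
    target = url if "://" in url else "//" + url
    host = (urlsplit(target).hostname or "").rstrip(".")
    # Trusted only on an exact match or a true subdomain; a plain
    # endswith("microsoft.com") would also accept "xmicrosoft.com".
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    for label in host.split("."):
        # Brand embedded in a label, or a label within two edits of the brand.
        if BRAND in label or edit_distance(label, BRAND) <= 2:
            return "lookalike"
    return "unrelated"

# Constructed sample URLs; none of them is the campaign's real domain.
SAMPLES = [
    "https://www.microsoft.com/software-download",
    "https://micorsoft.example/update",           # transposed letters
    "https://microsoft.com.kb-update.example/",   # real name used as a subdomain
    "https://microsoft-update.example/",          # brand padded with extra words
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```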
Kurt’s important takeaways
Fake updates are one of the most effective tricks because they take advantage of something we all trust. Keeping your system secure shouldn’t put you at risk, but that’s exactly what attackers are exploiting here. The safest move is to slow down, verify where updates are coming from, and stick to built-in tools whenever possible.
Are tech companies doing enough to prevent fake updates from putting your data at risk? Let us know by writing to us at cyberguy.com.
Copyright 2026 CyberGuy.com. All rights reserved.


