Skip to main content
  1. Home
  2. Computing
  3. News

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

A fake Windows update site is tricking users into installing malware

By
Add as a preferred source on Google
malwarebytes laptop
Malwarebytes

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website (microsoft-update.support) that pretends to offer a cumulative update for Windows 24H2 but actually delivers password-stealing malware.

The entire page is dressed up to look official, and even uses proper KB-style reference and downloads an 83MB MSI file called Windowsupdate1.0.0.msi that looks quite legit even in the file properties.

What the malware actually does

The Malwarebytes logo against a white background.
Malwarebytes

The site is currently written in French, which suggests that the scam is currently targeting French-speaking users first. But Malwarebytes warns that these operations can spread quickly. The installer itself was built with the legitimate WiX Toolset, and its metadata is spoofed to make it look Microsoft-made. This helps it blend in both for users and for some basic security checks.

Recommended Videos

The MSI drops an Electron-based app into the user’s AppData folder, then launches additional components, including a disguised Python runtime. From there, the malware then pulls in tools and packages associated with data theft, like components used for encryption, process inspection, and deeper Windows access. The firm says the malicious code also targets Discord by modifying its files to intercept login tokens, payment details, and two-factor authentication changes.

malwarebytes laptop
Malwarebytes

Malwarebytes says it also fingerprints victims by checking IP and geolocation, contacts command-and-control infrastructure hosted through Render and Cloudflare Workers, and uploads stolen data through Gofile.

Why you should heed this warning

An unsettling detail uncovered in the report is that, at the time Malwarebytes analyzed it, the main executable and launcher showed zero detections across dozens of antivirus engines on VirusTotal. The company says that it is because the malware hides its logic inside obfuscated JavaScript, legitimate Electron components, and runtime-delivered Python tooling instead of one obviously malicious binary. So basically, do not fall for this fake Windows support site. It is not helping you patch your PC. It is trying to rob it.

Vikhyaat Vivek
Vikhyaat Vivek
Vikhyaat Vivek is a tech journalist and reviewer with seven years of experience covering consumer hardware, with a focus on…
Topics
Gemini will now take notes for you in Google Meet for you, if you the minimum $20 AI tax
Yet another Google subscription just dropped for Gemini
Google Meet Take Notes for me Gemini

Google has just released a useful Gemini feature, which you can try if you are a paying member of course. The company is now bringing "Take notes for me" for Gemini, which will be available in Google Meet for Google AI Pro and Google AI Ultra subscribers, along with eligible Workspace business customers.

For personal users, the feature starts with Google AI Pro, which costs $19.99 per month in the US. In other words, Gemini can now take your Google Meet notes, provided you pay the minimum AI tax.

Read more
After iPad Pro and MacBook Pro, the iMac could be the next in line for an OLED screen upgrade
iMac with M4

The iPhone got an OLED panel in 2017, while the iPad Pro followed in 2024. Even the MacBook Pro is expected to follow later this year or early next year. But what about the iMac?

According to TrendForce, the iMac could get an OLED upgrade. There's no timeline yet, but the direction is clear. Apple wants to replace its current display technologies with OLED, raising the bar for color quality for both regular users and professionals.

Read more
This $1,299 gaming PC wants to be a Steam Machine without waiting for Valve
Valve’s Steam Machine dream is already real in MetaPC's new prebuilt
MetaPC's Steamroller is a new Steam Machine rival

Valve’s Steam Machine may be the face of SteamOS, but the platform isn't exclusive to it. A big announcement after Steam Machine's unveiling was that SteamOS would be arriving on systems outside of the new hybrid console. Now, MetaPCs is one of the first to take advantage of this by opening the preorders for the Steamroller, a new prebuilt gaming desktop that ships with SteamOS installed by default.

Though Steamroller is not trying to be a tiny console-like cube. It is a normal desktop PC with standard parts and a real upgrade path. The system costs $1,299 and is listed with a preorder date of July 3, 2026.

Read more