Fake Microsoft Site Spreads Malware via Deceptive Windows 11 Update
Cybersecurity firm Malwarebytes has identified a sophisticated phishing campaign utilizing a fake website to distribute malware disguised as a Windows 11 update. The malicious site, hosted on domains like microsoft-update.support, closely mimics official Microsoft support pages to trick users into downloading an executable file named WindowsUpdate.exe. This malware successfully evaded detection by all 69 antivirus engines on VirusTotal at the time of discovery. Once installed, the malware operates stealthily to steal sensitive information, including credit card details, banking credentials, passwords, and system data. Experts warn that legitimate Windows updates only appear through the operating system's Settings menu or specific system notifications, never via web banners or unsolicited links. Users are advised to strictly verify domain names in browser address bars, looking for variations or unusual extensions that indicate phishing attempts. If a suspicious executable runs without standard update progress indicators, it is likely malicious. In such cases, immediate cessation of activity and professional technical assistance are recommended, as standard antivirus software may fail to remove the deeply embedded threat. This alert highlights the increasing sophistication of cyberattacks targeting user inattention and the critical need for manual verification of software sources.
Wire timeline
Fake Microsoft Site Spreads Malware via Deceptive Windows 11 Update
Cybersecurity firm Malwarebytes has identified a sophisticated phishing campaign utilizing a fake website to distribute malware disguised as a Windows 11 update. The malicious site, hosted on domains like microsoft-update.support, closely mimics official Microsoft support pages to trick users into downloading an executable file named WindowsUpdate.exe. This malware successfully evaded detection by all 69 antivirus engines on VirusTotal at the time of discovery. Once installed, the malware operates stealthily to steal sensitive information, including credit card details, banking credentials, passwords, and system data. Experts warn that legitimate Windows updates only appear through the operating system's Settings menu or specific system notifications, never via web banners or unsolicited links. Users are advised to strictly verify domain names in browser address bars, looking for variations or unusual extensions that indicate phishing attempts. If a suspicious executable runs without standard update progress indicators, it is likely malicious. In such cases, immediate cessation of activity and professional technical assistance are recommended, as standard antivirus software may fail to remove the deeply embedded threat. This alert highlights the increasing sophistication of cyberattacks targeting user inattention and the critical need for manual verification of software sources.
repubblica