A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Suspect arrested after incendiary device thrown at OpenAI CEO Sam Altman’s home
April 11, 2026
A 20-year-old man has been arrested after a Molotov cocktail was thrown at the San Francisco home of OpenAI CEO Sam Altman early Friday morning. The incident happened around 4:00 am when a suspect “threw an incendiary destructive device” at Altman’s home, “causing a fire to one exterior gate” before fleeing on foot, according to statement ...
- Hungary: Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts
April 11, 2026
Hungary’s government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance. This doesn’t look ...
- FBI Atlanta, Indonesian Authorities Take Down Global Phishing Network Behind Millions in Fraud Attempts
April 10, 2026
In a first-of-its-kind joint cyber investigation, the FBI Atlanta Field Office and Indonesian law enforcement authorities have dismantled a sophisticated global phishing operation that enabled cybercriminals to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. The operation centered on the W3LL phishing kit, a widely used cybercrime tool that allowed ...
- CPU-Z, HWMonitor watering hole infection – a copy-pasted attack
April 10, 2026
On April 9, 2026, the website cpuidcom, hosting installers for popular system administration software CPU-Z, HWMonitor (HWMonitor Pro) and Perfmonitor 2, was compromised. Kaspersky researchers observed that starting from approximately April 9, 15:00 UTC, until about April 10, 10:00 UTC, the legitimate download URLs for installers of that software have been replaced with URLs to the ...
- ClickFix finds a new way to infect Macs
April 10, 2026
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers found that ClickFix has kept the same social engineering playbook but completely sidestepped Terminal by using the applescript:// URL scheme to auto‑open Script Editor with a ready‑to‑run script that pulls Atomic ...
- Hacker stole £700,000 from UK energy company by redirecting payment
April 9, 2026
British oil and gas company Zephyr Energy says someone stole £700,000 (close to $1 million) from one of its U.S.-based subsidiaries by redirecting a payment meant for a contractor into a hacker-controlled account. In a regulatory filing with the London Stock Exchange on Thursday, the company said it is “working with the corresponding banks and ...