A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hasta la vista, Hastalamuerte: An Overview of The Gentlemen’s TTPs
March 19, 2026
In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that ...
- CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
March 19, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers. The agency said on Thursday that it was urging companies to take action and confirmed it was ...
- DarkSword: Second iOS exploit chain in a month targeting iPhone users
March 18, 2026
A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by “multiple” spyware vendors and suspected nation-state goons, security researchers said on Wednesday. The exploit kit, called DarkSword, has been in use since at least November 2025. It supports iOS versions 18.4 through 18.7, and exploits six different vulnerabilities to deploy ...
- Over 29 million secrets were leaked on GitHub in 2025, and AI really isn’t helping
March 18, 2026
Vibe-coding may seem great for quickly shipping products, but inexperienced developers are leaving gaping cybersecurity holes that are causing breaches and exposures left and right. This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research document, the organization said 2025 was the year when AI adoption ...
- Unpacking a new Horabot campaign in Mexico
March 18, 2026
In this instalment of Kaspersky SOC Files series, Kaspersky researchers will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research ...
- Apple patches WebKit bug that could let sites access your data
March 18, 2026
WebKit vulnerabilities refer to security flaws in Apple’s web rendering engine, which powers Safari, Mail, and the App Store on iOS and macOS. What this means is that the CVE-2026-20643 vulnerability makes it possible for a malicious website to pretend to be another site, maybe one you trust, and then read or steal information that should ...