A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors
March 5, 2026
Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers. In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational ...
- ‘Hundreds’ of Iranian hacking attempts have hit surveillance cameras since the missile strikes
March 4, 2026
Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers. The Tel Aviv-based security shop has tracked “hundreds” of attempts to exploit a handful of bugs in IP cameras made by two manufacturers, Hikvision and Dahua, ...
- CIMB refutes claims of data breach involving 1.2 million records
March 4, 2026
CIMB Group Holdings Bhd has given assurance that claims circulating online about a data breach involving its customers are false and that customer data continues to be protected. The financial services provider said on social media platform X that its security teams have verified that all systems are secure and that customer data remains fully safeguarded. ...
- Europol, Microsoft, TrendAI and Collaborators Halt Tycoon 2FA Operations
March 4, 2026
Researchers from TrendAI have been tracking the infrastructure, as well as the campaigns and operator behaviors that can be linked to Tycoon 2FA to build a clearer picture of how its services was being used at scale. By November 2025, TrendAI had collected enough data to link the operation to an actor using the monikers “SaaadFridi” ...
- Google patches 129 Android security flaws — including a potentially dangerous Qualcomm zero-day
March 3, 2026
Google has released a new security update which fixed 129 vulnerabilities in the Android ecosystem, including 10 critical-severity bugs, and one high-severity issue apparently being exploited in the wild. In a security advisory, Google said that it fixed a buffer over-read vulnerability in the Graphics component (an open-source Qualcomm module). The bug, tracked as CVE-2026-21385, was ...
- Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
March 3, 2026
Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical ...