A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants
February 6, 2026
The name OpenClaw might not immediately be recognizable, partly because it has undergone several name changes, from Clawdbot to Moltbot, then finally to OpenClaw. Yet one thing is certain: This new digital assistant feels genuinely groundbreaking. It remembers past interactions, keeps data on the user’s device, and adapts to individual preferences, making it feel like a ...
- Asia-based government spies quietly broke into critical networks across 37 countries
February 5, 2026
A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers. In total, the crew compromised at least 70 organizations, and maintained access to several of these for months. “While this group might be pursuing espionage objectives, its methods, targets and scale of ...
- Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
February 5, 2026
Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT sectors. Their campaigns are meticulously prepared and tailored to specific victims, featuring a signature ...
- Reducing the Attack Surface for End-of-Support Edge Devices
February 5, 2026
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.K.’s National Cyber Security Centre (NCSC) are releasing this fact sheet to urge defensive action against malicious cyber activity by nation-state threat actors. Nation-state threat actors exploit end-of-support (EOS) edge devices—including, but not limited to, load balancers, firewalls, routers, and virtual ...
- Data breach at govtech giant Conduent balloons, affecting millions more Americans
February 5, 2026
A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States. The January 2025 ransomware attack, which knocked out Conduent’s operations for several days, is now known to affect at least 15.4 million ...
- Apple’s new iOS setting addresses a hidden layer of location tracking
February 3, 2026
Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there’s another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was nothing you could do about it. Apple just changed this in iOS ...