Fake Windows update installs hidden malware

If you've ever clicked "Check for updates" and trusted what you saw, you're not alone. That's precisely what this latest scam is counting on.

The leafage mimics authoritative branding, includes a believable cognition basal fig and presents a large bluish download fastener that feels familiar.

The catch? The download installs malware designed to bargain passwords, outgo details and relationship access.

According to researchers astatine Malwarebytes Labs, a cybersecurity probe and menace quality squad wrong Malwarebytes, the tract uses a typosquatted domain that looks adjacent capable to a existent Microsoft URL to fool a speedy glance. That tiny instrumentality is often each it takes.

APPLE APP PASSWORD SCAM EMAIL WARNING
 

Cybersecurity researchers pass a fake Microsoft update tract uses a look-alike URL and a acquainted download fastener to present data-stealing malware. (Michael Nagle/Bloomberg via Getty Images)

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, visit CyberGuy.com – trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join. 

Why this fake Windows update malware slips past detection

At archetypal glance, thing seems off. The record looks similar a modular Windows installer. It adjacent lists "Microsoft" successful its properties. That's wherever this onslaught gets clever. Instead of utilizing evident malicious code, the attackers built the installer with morganatic tools and layered the onslaught successful stages. Each portion looks harmless connected its own.

Here's what's happening down the scenes:

• The installer launches what appears to beryllium a mean app
• That app softly runs hidden scripts
• A disguised process loads a afloat Python environment
• Data theft tools activate successful the background

Because each measurement looks routine, galore information tools neglect to emblem it close away. Researchers besides noted that antivirus engines initially showed zero detections for cardinal parts of the attack. That does not mean the record is safe. It means the malicious behaviour is good hidden.

What this fake Windows update malware is stealing

Once installed, the malware gets to enactment fast. It collects details astir the infected device, including determination and IP address. Then it reaches retired to distant servers to person instructions and upload stolen data.

The targets include:

• Saved browser passwords
• Login sessions and cookies
• Payment details
• Discord relationship tokens

It adjacent tries to unopen down different processes connected your strategy to debar interference portion it works. In immoderate cases, it modifies apps similar Discord to intercept relationship enactment successful existent time.

How the fake Windows update malware stays connected your system

This malware is designed to instrumentality around. It creates entries that look similar mean strategy processes, truthful they blend in. One registry introduction mimics Windows Security Health, which astir users would ignore. It besides drops a shortcut successful your startup folder with a acquainted sanction similar Spotify. That makes it casual to overlook. Two antithetic persistence tricks mean it tin past a reboot and support running.

FAKE WINDOWS UPDATE PUSHES MALWARE IN NEW CLICKFIX ATTACK
 

A fake Windows update leafage is tricking users into downloading malware that steals passwords, outgo details and relationship access. (Beata Zawrzel/NurPhoto)

Why this fake Windows update scam feels truthful real

There's a bigger inclination down this. Researchers accidental campaigns similar this often people regions wherever ample information breaches person already exposed idiosyncratic information. When attackers already cognize your name, supplier oregon habits, they tin physique scams that consciousness tailored to you. That makes a fake Windows update leafage acold much believable than a generic phishing email.

It besides highlights thing important. Today's malware often hides wrong morganatic tools and trusted frameworks. That makes it harder to observe and easier to trust. This run shows however acold scammers person come. They are nary longer relying connected sloppy emails oregon evident fake links. Instead, they are gathering layered attacks that look and behave similar trusted software.

Even experienced users tin get caught disconnected defender erstwhile everything appears normal. The biggest takeaway is simple. A cleanable scan effect oregon a acquainted interface does not warrant safety.

Microsoft says it's alert of the threat

Microsoft confirmed it is tracking this benignant of enactment and urges users to beryllium cautious erstwhile downloading updates from unfamiliar sources. 

"We are alert of reports of fraudulent websites impersonating Microsoft, and we actively enactment to observe and disrupt malicious enactment crossed the internet," A Microsoft spokesperson told CyberGuy. "We promote customers to beryllium cautious of unexpected prompts oregon downloads and to verify that they are interacting with morganatic Microsoft domains. As a champion practice, we urge users verify the legitimacy of a nexus by going straight to our website from your ain saved favorite, from a web search, oregon by typing the domain sanction yourself."

For much guidance connected however to support against online phishing scams, you tin notation to Microsoft's authoritative enactment leafage at support.microsoft.com.

MICROSOFT CROSSES PRIVACY LINE FEW EXPECTED
 

A convincing Windows update scam is spreading malware that tin drawback saved passwords, cookies, outgo information and Discord tokens. (Todor Tsvetkov/Getty Images)

Ways to enactment harmless from fake Windows update malware

You don't request to beryllium a information adept to debar this. A fewer habits marque a large difference.

1) Only update Windows from your settings

Go to Settings > Windows Update and cheque for updates there. Avoid downloading updates from websites. 

2) Double-check the URL

Real Microsoft pages usage microsoft.com. Anything else, adjacent if it looks close, should rise a reddish flag.

3) Be cautious with urgent update prompts

If a tract oregon connection pressures you to instal an update, halt and verify it manually. 

4) Use beardown antivirus bundle with behaviour detection

Traditional antivirus software, which often comes built into your instrumentality oregon arsenic basal information software, chiefly looks for known threats utilizing signature matching, which means it tin miss caller oregon well-hidden attacks similar this one. Strong antivirus bundle uses behaviour detection to show what programs are doing successful existent time, helping emblem suspicious enactment adjacent if the malware hasn't been seen before.  Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

5) Use a information removal work to bounds your exposure

If your idiosyncratic accusation is already circulating online from past breaches, it tin marque scams similar this much convincing. A information removal work helps trim however overmuch of your accusation is publically available, making it harder for attackers to people you with tailored phishing attempts. Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com

6) Turn connected two-factor authentication

Two-factor authentication (2FA) adds a 2nd furniture of extortion if your passwords are stolen.

7) Avoid downloading installer files from chartless sites

Legitimate updates seldom necessitate manual downloads. 

Kurt's cardinal takeaways

Fake updates are 1 of the astir effectual tricks due to the fact that they pat into thing we each trust. Keeping your strategy unafraid should not enactment you astatine risk, yet that's precisely what attackers are exploiting here. The safest determination is to dilatory down, verify wherever updates travel from and instrumentality to built-in tools whenever possible.

Are tech companies doing capable to support fake updates from putting your information astatine risk? Let america cognize your thoughts successful the comments below. Let america cognize by penning to america at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, visit CyberGuy.com – trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join.

Copyright 2026 CyberGuy.com. All rights reserved.