Security Company Malwarebytes has recently identified a fake Windows Update site that closely mimics an official Microsoft site to trick users into downloading a malicious update.
According to Malwarebytes, the phishing site convincingly mimics official Microsoft support pages, and the attack targets Windows users by offering what appears to be a legitimate cumulative update for Windows 11 24H2.
The attack uses trustworthy technologies in a layered approach to help the malware evade antivirus detection. The malware is a typical data-theft variant that, once successfully deployed, can harvest sensitive data, such as browser-stored credentials, Discord tokens, and financial (payment) related information.
Ironically, we published an article recently highlighting very similar types of threats – Has Security Software Won The Battle Against Malware – and this example of a fake phishing website only serves to emphasize the importance of user vigilance.
BOTTOM LINE:
While I doubt DCT readers would source Windows Updates in this manner, it doesn’t hurt to remind users to download Windows updates only via the native Windows Update setting or via the official Windows Support website.
Stay safe out there.
—
