Cybersecurity researchers have identified a sophisticated campaign involving a fraudulent Windows Update designed to steal sensitive user information. Disguised as a legitimate cumulative update for Windows version 24H2, the malware is being distributed through a deceptive Microsoft support website. The threat is particularly dangerous as it mimics official documentation, including a believable Knowledge Base (KB) article number, to bypass both user suspicion and automated security tools.

The campaign was first detailed by Stefan Dasic, a malware researcher at Malwarebytes, who noted that the fake Windows Update specifically targets account passwords and payment data. While the current wave appears focused on French-speaking users, experts warn that such regional campaigns often expand globally within a short timeframe. Apple iPhone Vulnerability: 'DarkSword' Spyware Hits Millions of iPhones As Researchers Uncover Global ‘Hit-and-Run’ Hacking Campaign.

The Mechanism of the Fake Windows Update

The attack begins when a user is directed to a malicious website that closely replicates the appearance of an official Microsoft support page. From this site, users are prompted to download what is presented as an essential Windows Update. Once executed, the file does not patch the operating system but instead installs a data-harvesting tool that terminates active security software to avoid detection.

According to Dasic, the file's ability to look legitimate is its primary strength. By wrapping the malware in a package that resembles a standard cumulative update, the attackers increase the likelihood that the download will "slip past" the standard vigilance of even experienced users.

Windows Update: Risks to Data and System Integrity

The primary objective of this malicious Windows Update is the theft of digital identities. Once the system is compromised, the malware scans for saved browser passwords, cryptocurrency wallet information, and credit card details stored on the device. Because the tool proactively disables security software, the infection can persist for extended periods without the user’s knowledge.

Beyond the immediate loss of data, security analysts express concern that these incidents undermine trust in the genuine Windows Update process. If users become hesitant to install official security patches for fear of malware, the overall vulnerability of the global Windows ecosystem increases significantly.

How to Verify a Genuine Windows Update

Microsoft and security researchers emphasize that users should never download system patches from third-party websites or links received via unsolicited messages. The safest way to manage a Windows Update is through the built-in system settings on the device. To ensure your system remains secure, follow these protocols:

  • Only install updates through Settings > Windows Update > Check for updates.

Be wary of "Microsoft Support" websites that prompt for immediate downloads outside of the official Windows Update interface.

Use multi-factor authentication (MFA) to protect accounts even if passwords are compromised. Keep reputable, third-party antivirus software updated to catch emerging threats that might disable native tools. EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed.

Global Reach and Threat Assessment

While the initial analysis identified a focus on French users, the infrastructure used for this fake Windows Update is highly adaptable. Cybersecurity firms are monitoring for similar domains and file names in other languages. Users worldwide are urged to remain cautious, as the "Patch Tuesday" cycle often provides cover for attackers to release concurrent, fraudulent updates while the public is focused on legitimate security maintenance. The transition to Windows version 24H2 has provided a new hook for these attackers, as users are frequently looking for the latest performance and security enhancements associated with the new version.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (Forbes), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Apr 15, 2026 10:24 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).