Fake Windows 11 support site distributes malicious “update” designed to steal data

The cybersecurity company Malwarebytes has issued a warning about a fraudulent Windows support website that offers users a “cumulative update” download for Windows 11 24H2. Both the webpage and the file appear highly convincing and do not raise immediate suspicion. Clicking the “Download update” button triggers the download of an 83 MB package designed to steal passwords, payment details, and user account credentials.

Mechanism of deception and file structure

The malicious package was built using WiX Toolset version 4.0.0.5512 — a legitimate open-source installer creation tool. The file, named WindowsUpdate 1.0.0.msi, contains falsified metadata: the “Author” field lists Microsoft, while the title is set to Installation Database. File comments claim it contains “logic and data required to install WindowsUpdate,” which can mislead inexperienced users.

Antivirus evasion techniques and hidden logic

Researchers at Malwarebytes highlight the exceptional stealth of this malware. At the time of analysis, VirusTotal reported 0 detections out of 69 antivirus engines for the main executable file and 0 out of 62 for the VBS loader. The malware’s effectiveness lies in its architecture: the Electron shell, used by millions of applications, conceals malicious logic within obfuscated JavaScript code that antivirus solutions do not thoroughly inspect. Additionally, a Python-based payload is employed, executed under a spoofed process name and dynamically loading components from legitimate sources during runtime. Only full-chain behavioral analysis allows the detection of data exfiltration.

Attackers are using the domain microsoft-update.support, whereas the official support website is located at support.microsoft.com. Malwarebytes has already added this threat to its detection database for automatic identification.


Don't miss interesting news

Subscribe to our channels and read announcements of high-tech news, tes

Leave a Reply

Your email address will not be published. Required fields are marked *





Articles & testsArticles

Oppo A6 Pro smartphone review: ambitious Oppo A6 Pro (CPH2799)

Creating new mid-range smartphones is no easy task. Manufacturers have to balance performance, camera capabilities, displays, and the overall cost impact of each component. How the new Oppo A6 Pro balances these factors is discussed in our review.


Sony WF-1000XM6 Bluetooth headphones review: full power

The new Sony WF-1000XM6 headphones have slightly changed their shape compared to their predecessor, received a new processor, an improved noise cancellation system, more microphones, and generally made a noticeable step forward technically.


NewsNews
| 11.12
Russian hackers are massively attacking vulnerable routers

An international coalition warns of the active exploitation of vulnerable network equipment by state hackers from the Russian Federation. Hackers gain access to critical infrastructure through weak points in routers for long-term espionage.

| 10.07
Google Pixel 11 smartphones accidentally appeared on Amazon before the announcement

Data about the Pixel 11 series leaked directly from Amazon: display characteristics, colors and battery capacity of future products