Fake Windows 11 24H2 Update Poses as Legit Download to Steal Data

Security researchers at Malwarebytes have found a fake Windows 11 24H2 update campaign that steals sensitive data from Windows PC users.

The attackers host a very convincing Microsoft‑style support page on a domain called "microsoft-update[.]support" and encourage visitors to download what they claim is a cumulative update for Windows 11 24H2. In reality, the download is an MSI installer named "WindowsUpdate 1.0.0.msi" that uses legitimate packaging tools and spoofed Microsoft metadata to look authentic.

When people run the installer, it sets up an Electron‑based app in the AppData folder and launches it via a script that uses Windows' own cscript.exe tool. This chain then starts a renamed Python interpreter, loads a Python environment, and then loads additional modules that the malware uses to steal data.

Researchers say the malware grabs browser‑stored passwords, cookies, account sessions, and even Discord data, then sends this ...