Stealthy Malware Campaign Uses Fake Windows Update Site To Infect PCs

A new malware campaign has been uncovered by the security researchers at Malwarebytes Labs, which steals sensitive and personal information from unsuspecting Windows users. It has proven to be an effective attack thanks to both how this malicious piece of software has been designed and the use of a legitimate looking but fraudulent clone of a Microsoft website.

Potential victims are steered towards a typo squatted web address that at a quick glance looks legit. They are greeted with a web page that supposedly hosts the Windows 11 24H2 update and at first glance it appears to be an official Microsoft site.

After clicking on the “download the update” button victims get a file titled WindowsUpdate 1.0.0.msi, built with what Malwarebytes says is a” legitimate open-source installer framework.” Attackers use a combination of Electron, JavaScript and Python at various levels within the installation process, which leads to ...