Microsoft warns of fake update site stealing passwords

Watch out! That seemingly familiar “Update now” button could actually be a stealthy data theft operation

A fake Windows update page is tricking users into installing malware that steals passwords and payment data ©Image Credit: Microsoft

A fake Windows update is out there stealing users' passwords and other sensitive data. The scam looks like a normal Microsoft update page, complete with official-looking branding, a fake knowledge base number, and a big blue download button.

However, instead of patching your PC, the file installs malware that can steal saved passwords, payment details, cookies, Discord tokens, and account access. Microsoft is aware of the threat and you should too.

“We encourage customers to be cautious of unexpected prompts or downloads and to verify that they are interacting with legitimate Microsoft domains. As a best practice, we recommend users verify the legitimacy of a link by going directly to our website from your own saved favorite, from a web search, or by typing the domain name yourself,” a Microsoft spokesperson told CyberGuy.

The damage is not minor

The trick starts with a typosquatted domain, which is basically a web address that looks close enough to a real Microsoft URL to pass a lazy glance.

According to Malwarebytes Labs, the malware hides behind layers of normal-looking activity. The installer looks like a standard Windows file. It even lists “Microsoft” in its properties, which is exactly the kind of tiny detail that makes people trust it.

Behind the scenes, though, things get messy fast. The installer launches what looks like a regular app; that app quietly runs hidden scripts, a disguised process loads a full Python environment, and then the actual data-stealing tools wake up in the background.

Once installed, the malware starts collecting information about your device, including your IP address and location. Then, it connects to remote servers to receive instructions and send stolen data back.

Saved browser passwords, login cookies, payment details, Discord tokens, and active sessions are all targets here. In some cases, it can even mess with apps like Discord to intercept activity in real time.

Another jarring part of all this is that the malware tries to stay on your system after a reboot. One trick mimics a normal Windows Security Health process while another drops a startup shortcut with a familiar name like Spotify. Basically, it dresses up as boring system clutter and hopes you never look twice.

The main rule to follow

Do not download Windows updates from random websites. Instead, go to Windows Update from the Settings page. If you have to do anything from the website, go to the Microsoft domain yourself. It’s microsoft.com. Nothing more, nothing less.
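The typosquatting trick described earlier and the "go to microsoft.com yourself" rule can be turned into a mechanical check. The following Python snippet is an added example (not code from the article, Microsoft or Malwarebytes) of the kind of link filter a defender might run over URLs pulled from mail or proxy logs: it accepts only hosts whose registrable domain is on a small allow-list and flags near-miss names as lookalikes. The allow-list, the two-edit threshold and the sample URLs are assumptions made for the example.

```python
from urllib.parse import urlparse

# Constructed allow-list of registrable domains treated as legitimate here.
TRUSTED_DOMAINS = {"microsoft.com", "windowsupdate.com"}
# Second-level labels whose near-misses count as lookalikes.
TRUSTED_LABELS = {d.split(".")[0] for d in TRUSTED_DOMAINS}
MAX_EDITS = 2  # assumed threshold: within two edits of a trusted label


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a download link."""
    host = urlparse(url).hostname or ""
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return "untrusted"
    # Keep only the registrable part (no public-suffix handling; enough for .com).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED_DOMAINS:
        return "trusted"  # microsoft.com and any subdomain of it
    second_level = labels[-2]
    for label in TRUSTED_LABELS:
        # Same name under another TLD, the name embedded in a longer one
        # (microsoft-update), or a one/two-character slip (micros0ft).
        if label in second_level or levenshtein(second_level, label) <= MAX_EDITS:
            return "lookalike"
    # A trusted name used as a subdomain prefix of an unrelated domain lands here,
    # e.g. microsoft.com.attacker.example, whose registrable domain is attacker.example.
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links, not indicators from the article.
    for link in [
        "https://www.microsoft.com/en-us/software-download/windows11",
        "https://micros0ft.example/KB-update.exe",
        "https://microsoft.com.attacker.example/update.exe",
    ]:
        print(f"{classify_url(link):10} {link}")
```

Links that come back as anything other than "trusted" are the ones to route to Windows Update in Settings instead of clicking.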

And in general, be suspicious of urgent update prompts.

Other suggestions include turning on two-factor authentication and avoiding installer files from unknown sites. Always remember that a “clean-looking” page doesn’t mean a clean download.

Source: Fox News