Credential Sniffing Malware Disguised as Windows 11 Update Targets Users

Credential Sniffing Malware Disguised as Windows 11 Update Targets Users

First seen 13 Apr 2026, 20:03 UTC Tech.YahooMezha.UaTechnobezzExtremetechTechspot+7 90% similarity 70.5

Article Content

Browse articles
ThreatCluster

A sophisticated phishing campaign is distributing malware disguised as a Windows 11 24H2 update through a fake support website. The site, using the domain 'microsoft-update.support', mimics official Microsoft branding and offers a download for a cumulative update. Users who download the 83MB MSI package, named 'WindowsUpdate 1.0.0.msi', unknowingly install malware that steals sensitive information, including passwords and payment details. The malware employs legitimate packaging tools and obfuscation techniques to evade detection by antivirus software, showing zero detections on VirusTotal during initial scans. Once installed, it modifies system settings to ensure persistence and exfiltrates data to external servers. Security experts recommend that users only download updates through official Microsoft channels. As of April 2026, Microsoft has not released the 24H2 update to general users, emphasizing the need for caution against unofficial sources.

Key Points: • A fake Windows update site is distributing malware that steals user credentials. • The malware evades detection by using legitimate packaging tools and obfuscation techniques. • Users are advised to only download updates from official Microsoft channels.

ThreatCluster AI

Timeline

2026-04-13
Malwarebytes reports on the fake Windows update site.
2026-04-14
Multiple news outlets publish articles on the malware campaign.

Community

Browse all →