Cybercriminals are targeting Microsoft Windows users with a new scam involving fake software updates. Users are directed to deceptive websites that mimic official Microsoft pages and are prompted to download what appears to be a legitimate Windows update. The downloaded files instead contain malware designed to steal sensitive information such as passwords and payment details.
According to cybersecurity researchers at Malwarebytes, the scam uses websites designed to look like Microsoft Support and Windows Update pages, copying Microsoft’s fonts, colors, and layout to appear authentic. To avoid falling victim to this scam, users are advised not to click on suspicious links and instead to check for updates manually through the Windows Update feature in the system settings.
The malicious download closely resembles a genuine update, making it difficult for users and security software to recognize it as malware. While the current targets appear to be primarily in France, experts caution that the scam could quickly spread to other regions, underscoring the importance of remaining cautious and refraining from downloading dubious updates.
To safeguard against such threats, users should refrain from clicking on update links received via email, text messages, or social media. The recommended approach is to install updates directly through the Windows Update feature by navigating to Settings and selecting “Check for updates.” Users are also advised to be skeptical of any website offering a separate Windows update download and to enable automatic updates to minimize the risk of falling for fake update scams.
In particular, Windows 11 users should exercise extra caution when receiving unexpected urgent update messages and only install software through official Microsoft channels to enhance their protection against these fraudulent activities.
