This Fake Windows Support Website Delivers Password-Stealing Malware

A fake Microsoft support site has been discovered that poses as an ordinary Windows update page but actually installs password-stealing malware built to grab browser credentials, payment data, account tokens, and Discord data.

How the Scam Works

The campaign uses a typosquatted domain, a convincing Windows 11 24H2 update page, and a legitimate-looking MSI installer so that the download appears safe, while the actual malicious logic is hidden inside a bundled Electron app and a disguised Python payload.

Once installed, the malware establishes persistence, fingerprints the host, contacts its remote infrastructure, and uploads the stolen data, all while evading detection by hiding behind widely trusted components (such as a stock Electron runtime and Python interpreter) and obfuscated code.

Who Is Being Targeted?

The scam appears aimed at French-speaking users, likely because recent large-scale French data breaches have made localized lures more believable.

Key Takeaways

  • A file with zero antivirus detections can still be dangerous: new droppers routinely score clean on multi-engine scanners before signatures catch up, so a clean scan is not proof of safety.
  • Windows updates should only be installed through the built-in Windows Update feature or the Microsoft Update Catalog (catalog.update.microsoft.com), never from an installer downloaded off a support page reached through a search result or link.
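
The two takeaways above translate into a concrete triage step for anyone handed an "update" installer. The PowerShell function below is an added example written for this page; it is not code from the original article or from the researchers who reported the campaign. The file path, the sample file name and the expected publisher string 'O=Microsoft Corporation' are assumptions. It checks the Authenticode signature, whether the signer is the publisher you actually expected (a valid signature from some unrelated company proves nothing about intent), and, where the browser recorded it in the file's Zone.Identifier stream, the host the file was downloaded from, so a typosquatted domain shows up before the installer is run.

```powershell
# Added example for this page (not the article's or the researchers' code).
# Triage a downloaded installer before trusting it. Publisher string, path
# and file name are assumptions chosen for illustration.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher = 'O=Microsoft Corporation',  # assumed expected signer
        [string] $ExpectedDomain    = 'microsoft.com'             # assumed legitimate download domain
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # SHA-256 for cross-checking against a vendor-published hash or a scanner.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode covers MSI, MSU, EXE, CAB and scripts. Status is 'Valid'
    # only when the signature verifies AND the certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $issuer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer }  else { '<unsigned>' }

    # A signature is only evidence when the signer is the publisher you expected.
    $signerMatches = $subject -match [regex]::Escape($ExpectedPublisher)
    $signatureOk   = ($sig.Status -eq 'Valid') -and $signerMatches

    # Mark of the Web: browsers record where the file came from in the
    # Zone.Identifier alternate data stream (HostUrl / ReferrerUrl lines).
    $hostUrl = $null
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $zone) {
        if ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
    }

    # Compare the download host against the expected domain; a look-alike such
    # as a typosquat fails this check even though it "looks like" Microsoft.
    $downloadHost = $null
    $hostOk = $false
    if ($hostUrl) {
        try {
            $downloadHost = ([uri]$hostUrl).Host.ToLowerInvariant()
            $hostOk = ($downloadHost -eq $ExpectedDomain) -or $downloadHost.EndsWith(".$ExpectedDomain")
        } catch {
            $downloadHost = $hostUrl   # not a parseable URL; report it raw
        }
    }

    [pscustomobject]@{
        Path            = $Path
        SHA256          = $hash
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = $subject
        Issuer          = $issuer
        SignerMatches   = $signerMatches
        DownloadHost    = $downloadHost          # $null when the browser left no record
        DownloadHostOk  = $hostOk
        Trusted         = $signatureOk -and ($hostOk -or -not $hostUrl)
    }
}

# Usage: the file name below is an assumption, not an indicator from the campaign.
$result = Test-InstallerTrust -Path "$env:USERPROFILE\Downloads\Windows11-24H2-Update.msi"
$result | Format-List
if (-not $result.Trusted) {
    Write-Warning 'Do not run this installer. Use Windows Update or catalog.update.microsoft.com instead.'
}
```

Note that Trusted stays true when no HostUrl was recorded (the stream is absent for files copied from removable media or downloaded by tools that do not write it), so a missing DownloadHost is itself a reason to look more closely, not a pass. A result of SignatureStatus 'NotSigned', or 'Valid' with a Signer other than the publisher you expected, should end the triage: a polished update page and a clean scanner verdict do not change that verdict.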
