Cybersecurity researchers have uncovered a phishing campaign that impersonates official Microsoft support channels to distribute malware. The campaign's site lures users into downloading a fake "cumulative update" for Windows 11 version 24H2; the file is not an update at all but a password-stealing Trojan.
Security firm Seqrite first identified the threat, noting that the attackers designed the site to look nearly identical to legitimate Windows update portals. Once a user clicks the download link, the site serves a malicious executable, and running that file installs the Trojan.
Malware evades detection
This specific strain of malware is engineered to bypass standard anti-virus protections. Researchers found that the payload employs obfuscation techniques to remain hidden from traditional signature-based security software during the initial infection phase.
Once installed, the malware operates silently in the background. It targets credentials stored in web browsers, including saved passwords, autofill data, and session cookies. The attackers then exfiltrate this sensitive information to remote servers. Stolen session cookies are especially dangerous because they let an attacker resume an already-authenticated session without the password or a multi-factor prompt, leaving the victim's accounts open to unauthorized access even where MFA is enabled.
Experts warn that the threat is particularly dangerous because it leverages the legitimate anticipation surrounding the Windows 11 24H2 release. By promising a necessary "cumulative update," the attackers exploit the trust users place in Windows' own update process.
Security analysts advise users to install updates only through the operating system's own Windows Update page (Settings > Windows Update). Genuine cumulative updates are delivered by Windows Update or published in the Microsoft Update Catalog as signed .msu packages; they are never offered as a standalone executable on a third-party site. Users should avoid clicking update links on third-party websites or unofficial support forums, even if those pages appear professional or use official branding.
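As an added example (not from the Seqrite report or from Microsoft), the following PowerShell function performs the checks an administrator would run on a file that claims to be a Windows update before anyone executes it: it records the SHA-256 hash for later lookup, verifies the Authenticode signature, confirms the signer is Microsoft, and flags a bare .exe, since real cumulative updates arrive as .msu or .cab packages. The download path in the usage line is an assumption; replace it with the actual file.

```powershell
# Added example: triage a downloaded "update" before running it.
# Works on Windows PowerShell 5.1 and PowerShell 7+. The example path at the
# bottom is assumed; point it at the file you actually downloaded.

function Test-UpdateFile {
    param(
        [Parameter(Mandatory)][string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Cumulative updates are shipped as .msu (or .cab) packages through Windows
    # Update and the Microsoft Update Catalog. A bare .exe named like an update
    # is the pattern this campaign uses, so treat it as a warning sign.
    $expectedExt = @('.msu', '.cab')
    $extOk = $expectedExt -contains $item.Extension.ToLowerInvariant()

    # A valid Authenticode chain is necessary but not sufficient: the signing
    # certificate must also belong to Microsoft. NotSigned, HashMismatch or
    # UnknownError are hard stops regardless of how the file is named.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    $sigOk  = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path            = $item.FullName
        Extension       = $item.Extension
        ExtensionOk     = $extOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignatureOk     = $sigOk
        SHA256          = $hash
        SafeToConsider  = $extOk -and $sigOk
    }
}

# Example usage (assumed path):
Test-UpdateFile -Path "$env:USERPROFILE\Downloads\windows11-24h2-cumulative-update.exe" | Format-List
```

A result of `SafeToConsider = False` means the file should not be run; keep the SHA-256 so the hash can be searched in threat-intelligence feeds or submitted to the security vendor. Note that `True` is only a first gate: Microsoft does sign some legitimate .exe installers, and a properly signed file obtained from an untrusted site is still worth a second look, so the definitive course remains to discard the download and let Windows Update fetch the real package.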
If a user suspects they have downloaded and run the malicious file, security professionals recommend disconnecting the machine from the network immediately to cut off exfiltration. Running a full scan with reputable, updated security software can remove the Trojan, but because the malware tampers with the running system, the most reliable remedy is to reinstall Windows or restore from a known-good image rather than rely on a System Restore point, which does not reliably eradicate malware. Since the payload steals browser passwords and session cookies, users should also change affected passwords and sign out of all active sessions for those accounts from a clean device, as the attackers may already hold working credentials.