"Zero detections across 69 engines": A fake Windows 11 24H2 update is slipping past antivirus to try and steal your passwords
Beware of a fake Windows 11 support page that pushes malware.
Bad actors and hackers are increasingly using sophisticated techniques to carry out malicious attacks on unsuspecting users, especially as generative AI has burst onto the scene. What are the odds that you'd run into some trouble trying to install a Windows update on your device?
While it feels like it should be impossible, that's NOT the case. There's reportedly a fake Windows support page designed to trick unsuspecting users into downloading malware onto their devices and accessing their confidential data by stealing their passwords.
The impostor website presents what looks like a normal cumulative update for Windows 11, version 24H2, so convincingly that it can evade detection by both users and security tools.
According to Malwarebytes:
"We spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update."
Perhaps more concerningly, the cybersecurity company indicates that it's almost impossible to tell that the website is fake and could potentially compromise your PC's security, since the file properties of the download are carefully spoofed.
The malware is packaged as a Windows update and is built using WiX Toolset 4.0.0.5512, which Malwarebytes describes as "a legitimate open-source installer framework."
The 83 MB package is called "WindowsUpdate 1.0.0.msi," and the Author field conveniently reads "Microsoft," while the title reads "Installation Database." The comments field claims it contains the logic and data required to install WindowsUpdate.
The malware might even circumvent the antivirus you've installed on your Windows 11 PC.
"At the time of analysis, VirusTotal showed zero detections across 69 engines for the main executable and 62 for the VBS launcher. No YARA rules matched, and behavioural scoring classified the activity as low risk. This is not a failure of any single tool. It’s the intended result of the malware’s architecture." (Malwarebytes)
A deeper look into the package reveals that it’s hiding malicious code inside an Electron shell. Security tools see the outer layer, a legitimate framework used by many apps, but don't go deep enough to catch the malicious script buried within.
As a general rule of thumb, you'll be much safer checking and downloading new Windows updates from the Settings app in Windows 11. Alternatively, you can head over to Microsoft's genuine support hub to manually download legitimate Windows updates from support.microsoft.com.
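The following Python check is an added example, not code from the article or from Malwarebytes. It accepts a download URL only when it is https and its host is microsoft.com or a subdomain, which rejects the lookalike domain quoted above; the allowlist, function names and sample URLs are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: only microsoft.com and its subdomains are trusted.
TRUSTED_PARENTS = ("microsoft.com",)


def parse_target(url):
    """Return (scheme, ascii_host) for a URL or bare hostname, or None if unusable."""
    url = url.strip().replace("[.]", ".")      # undo report-style defanging
    if "://" not in url:
        url = "https://" + url                 # bare hostname from a report or log
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")   # hostname drops userinfo and port
        # Punycode form keeps Unicode lookalike letters distinct from ASCII ones.
        host = host.encode("idna").decode("ascii").lower()
    except ValueError:                         # also covers UnicodeError
        return None
    return (parts.scheme.lower(), host) if host else None


def is_trusted_download(url):
    """True only for https URLs on a trusted parent domain or one of its subdomains."""
    target = parse_target(url)
    if target is None:
        return False
    scheme, host = target
    if scheme != "https":
        return False
    # Match on a label boundary: "notmicrosoft.com" must not pass as "microsoft.com".
    return any(host == p or host.endswith("." + p) for p in TRUSTED_PARENTS)


def untrusted(urls):
    """Return the URLs from an iterable that fail the check, in input order."""
    return [u for u in urls if not is_trusted_download(u)]


if __name__ == "__main__":
    # Constructed sample input; only the first two hosts appear in the article.
    samples = [
        "https://support.microsoft.com/help",
        "microsoft-update[.]support",
        "https://support.microsoft.com.example.net/kb",
        "https://support.microsoft.com@example.net/update.msi",
    ]
    for s in samples:
        print("OK   " if is_trusted_download(s) else "BLOCK", s)
```

The same function can back a proxy rule or a mail-gateway link check, where the label-boundary match matters more than any string search for "microsoft".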
Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.