Connect with us

Technology

Fake Windows update installs hidden malware

Published

on

Fake Windows update installs hidden malware

NEWYou can now listen to Fox News articles!

If you’ve ever clicked “Check for updates” and trusted what you saw, you’re not alone. That’s exactly what this latest scam is counting on.

The page mimics official branding, includes a believable knowledge base number and presents a big blue download button that feels familiar.

The catch? The download installs malware designed to steal passwords, payment details and account access.

According to researchers at Malwarebytes Labs, a cybersecurity research and threat intelligence team inside Malwarebytes, the site uses a typosquatted domain that looks close enough to a real Microsoft URL to fool a quick glance. That small trick is often all it takes.

Advertisement

APPLE APP PASSWORD SCAM EMAIL WARNING
 

Cybersecurity researchers warn a fake Microsoft update site uses a look-alike URL and a familiar download button to deliver data-stealing malware. (Michael Nagle/Bloomberg via Getty Images)

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join. 

Why this fake Windows update malware slips past detection

At first glance, nothing seems off. The file looks like a standard Windows installer. It even lists “Microsoft” in its properties. That’s where this attack gets clever. Instead of using obvious malicious code, the attackers built the installer with legitimate tools and layered the attack in stages. Each piece looks harmless on its own.

Here’s what’s happening behind the scenes:

  • The installer launches what appears to be a normal app
  • That app quietly runs hidden scripts
  • A disguised process loads a full Python environment
  • Data theft tools activate in the background

Because each step looks routine, many security tools fail to flag it right away. Researchers also noted that antivirus engines initially showed zero detections for key parts of the attack. That does not mean the file is safe. It means the malicious behavior is well hidden.

What this fake Windows update malware is stealing

Once installed, the malware gets to work fast. It collects details about the infected device, including location and IP address. Then it reaches out to remote servers to receive instructions and upload stolen data.

Advertisement

The targets include:

  • Saved browser passwords
  • Login sessions and cookies
  • Payment details
  • Discord account tokens

It even tries to shut down other processes on your system to avoid interference while it works. In some cases, it modifies apps like Discord to intercept account activity in real time.

How the fake Windows update malware stays on your system

This malware is designed to stick around. It creates entries that look like normal system processes, so they blend in. One registry entry mimics Windows Security Health, which most users would ignore. It also drops a shortcut in your startup folder with a familiar name like Spotify. That makes it easy to overlook. Two different persistence tricks mean it can survive a reboot and keep running.

FAKE WINDOWS UPDATE PUSHES MALWARE IN NEW CLICKFIX ATTACK
 

A fake Windows update page is tricking users into downloading malware that steals passwords, payment details and account access. (Beata Zawrzel/NurPhoto)

Why this fake Windows update scam feels so real

There’s a bigger trend behind this. Researchers say campaigns like this often target regions where large data breaches have already exposed personal information. When attackers already know your name, provider or habits, they can build scams that feel tailored to you. That makes a fake Windows update page far more believable than a generic phishing email.

Advertisement

It also highlights something important. Today’s malware often hides inside legitimate tools and trusted frameworks. That makes it harder to detect and easier to trust. This campaign shows how far scammers have come. They are no longer relying on sloppy emails or obvious fake links. Instead, they are building layered attacks that look and behave like trusted software.

Even experienced users can get caught off guard when everything appears normal. The biggest takeaway is simple. A clean scan result or a familiar interface does not guarantee safety.

Microsoft says it’s aware of the threat

Microsoft confirmed it is tracking this type of activity and urges users to be cautious when downloading updates from unfamiliar sources. 

“We are aware of reports of fraudulent websites impersonating Microsoft, and we actively work to detect and disrupt malicious activity across the internet,” A Microsoft spokesperson told CyberGuy. “We encourage customers to be cautious of unexpected prompts or downloads and to verify that they are interacting with legitimate Microsoft domains. As a best practice, we recommend users verify the legitimacy of a link by going directly to our website from your own saved favorite, from a web search, or by typing the domain name yourself.”

For more guidance on how to protect against online phishing scams, you can refer to Microsoft’s official support page at support.microsoft.com.

Advertisement

MICROSOFT CROSSES PRIVACY LINE FEW EXPECTED
 

A convincing Windows update scam is spreading malware that can grab saved passwords, cookies, payment data and Discord tokens. (Todor Tsvetkov/Getty Images)

Ways to stay safe from fake Windows update malware

You don’t need to be a security expert to avoid this. A few habits make a big difference.

1) Only update Windows from your settings

Go to Settings > Windows Update and check for updates there. Avoid downloading updates from websites. 

2) Double-check the URL

Real Microsoft pages use microsoft.com. Anything else, even if it looks close, should raise a red flag.

Advertisement

3) Be cautious with urgent update prompts

If a site or message pressures you to install an update, stop and verify it manually. 

4) Use strong antivirus software with behavior detection

Traditional antivirus software, which often comes built into your device or as basic security software, mainly looks for known threats using signature matching, which means it can miss new or well-hidden attacks like this one. Strong antivirus software uses behavior detection to monitor what programs are doing in real time, helping flag suspicious activity even if the malware hasn’t been seen before.  Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

5) Use a data removal service to limit your exposure

If your personal information is already circulating online from past breaches, it can make scams like this more convincing. A data removal service helps reduce how much of your information is publicly available, making it harder for attackers to target you with tailored phishing attempts. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

6) Turn on two-factor authentication

Two-factor authentication (2FA) adds a second layer of protection if your passwords are stolen.

7) Avoid downloading installer files from unknown sites

Legitimate updates rarely require manual downloads. 

Advertisement

Kurt’s key takeaways

Fake updates are one of the most effective tricks because they tap into something we all trust. Keeping your system secure should not put you at risk, yet that’s exactly what attackers are exploiting here. The safest move is to slow down, verify where updates come from and stick to built-in tools whenever possible.

Are tech companies doing enough to keep fake updates from putting your data at risk? Let us know your thoughts in the comments below. Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Advertisement
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Technology

Apple’s plot to crush OpenAI

Published

on

Apple’s plot to crush OpenAI

Apple is suing OpenAI. The complaint is readable and intense, as these things often are, though many experts seem to think many of the allegations are just the ways things are done. So what does Apple really want here, and why is it picking such a public fight with OpenAI?

On this episode of The Vergecast, Nilay and David go through the lawsuit, and look at Apple’s history of splashy litigation to determine whether Apple is worried about a possible competitor or simply looking to capitalize on a weak moment for OpenAI. All this is happening as Apple ships the public betas of its new software, headlined by the new Siri AI, and we have thoughts about what it all means — and whether the new Siri is actually any good.

Continue Reading

Technology

New bank scam laws could stop suspicious payments

Published

on

New bank scam laws could stop suspicious payments

NEWYou can now listen to Fox News articles!

Your phone rings, and the caller says your bank account is under attack. To protect your savings, you must move the money right now. The caller sounds calm. The instructions feel official. However, the “safe account” belongs to a scammer. That pressure can turn years of savings into an irreversible transfer. Georgia now gives some banks and credit unions another chance to interrupt the payment before the money leaves.

House Bill 945 took effect July 1, 2026. The law lets financial institutions pause certain transactions when they reasonably suspect financial exploitation. It protects adults age 65 or older. It also covers adults with qualifying physical or mental incapacities, Alzheimer’s disease or dementia. The idea sounds simple. Yet the details matter because your bank’s power may depend on your state, your account and the institution’s own policy.

YOUR FAMILY COULD BE ONE PHONE CALL FROM A BANK SCAM

Free live CyberGuy class: Sick of Spam? Join us July 22.

Advertisement

Join us Wednesday, July 22, at 1 PM ET for a free CyberGuy Live class that will help you cut down on robocalls, spam texts, junk email and other unwanted messages. Kurt “CyberGuy” Knutsson will walk you step by step through simple ways to filter spam, clean up your inbox and recognize the messages that could put your personal information at risk. No technical experience is needed. You’ll also receive our spam-stopping checklist, and every registrant will get a link to the class recording afterward.

Reserve your free spot today at CyberGuyLive.com.

Georgia’s new bank scam law lets financial institutions pause certain suspicious transactions involving older or vulnerable adults. (Getty)

Georgia’s new bank scam law can pause a suspicious payment

Under Georgia’s law, a financial institution may place a hold on a transaction linked to suspected exploitation. The law can cover an eligible adult’s account or an account where that adult is a beneficiary. It can also reach an account belonging to someone suspected of carrying out the exploitation. That last provision gives the law extra reach. In practice, it could help when suspicious money arrives in another customer’s account. The institution may have room to stop the payment from moving farther when the facts support concern.

However, the law gives banks discretion. It says a financial institution may place the hold, but it does not require one. Therefore, a worried teller or fraud analyst still has to notice the warning signs and act. The law also focuses on the suspicious transaction. It does not automatically shut down every payment or withdrawal connected to the account.

Advertisement

A possible 30-day delay comes with limits

A Georgia hold initially expires after 15 business days. The bank may add up to 15 more business days if its review still supports the exploitation concern. A court may shorten or extend that period. The bank must notify authorized account parties and any trusted contact within three business days. It can skip someone it reasonably suspects of taking part in the exploitation. The institution must also begin reviewing the facts behind its decision.

Before using this power, the institution must train the employees involved. It also needs written procedures for reviewing suspected exploitation. The law gives institutions liability protection when they act in good faith and use reasonable care.

A trusted contact can help without controlling your money

Georgia’s law also allows an eligible adult to name a trusted contact for an account. That person could be a relative, friend or another adult the account owner trusts. The bank may contact that person when it suspects exploitation. It may also ask for help confirming contact information, health status or the identity of someone holding power of attorney. In some cases, the institution may share only that it suspects exploitation.

A trusted contact does not automatically gain access to your balance. The role also does not grant authority to move your money or make decisions for you. Federal regulators describe the contact as a backup person whom the institution can alert when something looks wrong.

Which states let banks pause suspected scam payments?

Georgia is part of a much larger shift. As of today, at least 33 states have enacted laws that let banks, credit unions or other covered financial institutions delay certain transactions when they suspect financial exploitation.

Advertisement

The FTC’s most recent nationwide chart identified 24 states with these laws.

However, the agency warned that its chart was only a snapshot and advised readers to check current state statutes.

However, the agency warned that its chart was only a snapshot and advised readers to check current state statutes. Since that report, nine additional states have enacted protections.

These 33 states have enacted transaction-hold protections

The states are:

  • Alabama, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia and Idaho
  • Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi and Montana
  • Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Oklahoma, Oregon and Rhode Island
  • South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington and Wyoming

The laws do not give every bank the same power. Some let an institution pause a payment on its own. Others require a report to law enforcement or adult protective services. The protected age can also vary, while several states include younger adults with qualifying disabilities. Hold periods differ even more. A delay may last only a few business days in one state. Elsewhere, an investigation or court order can keep the payment on hold much longer.

HOW FLORIDA RETIREE LOST $200K IN FAKE PAYPAL REFUND SCAM

Advertisement

Scammers often pressure victims to move money quickly, while transaction-hold laws aim to create time for review. (Photo by Nikolas Kokovlis/NurPhoto via Getty Images)

Nine states have joined the list since the FTC’s last review

Here is what the newer state laws do.

Colorado

Colorado’s HB 26-1110 created the Adults’ Security and Safeguards from Exploitation in Transactions Act, known as the ASSET Act. It lets a bank or credit union delay a disbursement when it reasonably believes a vulnerable adult faces financial exploitation. The institution must notify law enforcement or adult protective services. A decision generally must be made within 90 days. That period can reach 180 days when an agency investigation remains underway. The law takes effect August 12, 2026.

Georgia

Advertisement

Georgia’s HB 945 lets a financial institution place a hold on a suspicious transaction involving an eligible adult. The law also reaches accounts where the adult is a beneficiary. In some cases, it can cover an account belonging to the suspected perpetrator. The initial hold lasts up to 15 business days. A bank may extend it for another 15 business days when its review continues to support the concern. The law also includes trusted contacts, employee training and written notice requirements.

Idaho

Idaho enacted HB 182, known as the Report and Hold law, in 2025. It covers a broad range of financial businesses, including banks, credit unions, lenders, money transmitters and investment firms. Covered professionals may temporarily pause suspicious transactions and report suspected exploitation. The law also gives them liability protection when they act in good faith.

Maine

Maine’s 2025 law covers adults age 65 or older and people protected by the state’s Adult Protective Services Act. A bank or credit union may delay a disbursement when it reasonably believes the payment could result in exploitation. The institution must notify the Maine attorney general within two business days. The hold generally ends within 15 business days unless a court extends it. Customers may also be able to designate a trusted contact.

Advertisement

Maryland

Maryland’s Vulnerable Adult Banking Protection Act covers residents age 65 or older and vulnerable adults who cannot provide for their daily needs. A financial institution may delay or deny a suspicious disbursement. An initial delay can last 15 business days. The institution or an investigating agency can extend it for up to 25 business days from the original request date. The law takes effect October 1, 2026.

North Carolina

North Carolina’s SB 595 gives financial institutions broad authority to delay or refuse transactions involving suspected exploitation of older or disabled adults. The law covers withdrawals, transfers and some requested account changes. An initial delay can last up to 30 business days. The institution may extend it for another 30 business days if it continues to believe exploitation is occurring. Banks may also alert a trusted contact.

Oklahoma

Advertisement

Oklahoma’s SB 2067 requires financial institution employees to report suspicious activity internally and notify an appropriate agency. Banks and credit unions may place a temporary hold on a reported account. They can also contact someone previously designated by the account holder. The law takes effect November 1, 2026.

South Dakota

South Dakota’s HB 1238 lets a financial institution delay or refuse certain transactions when it reasonably believes exploitation may have occurred or is being attempted. The law protects senior and vulnerable adults. It also covers a consenting adult who asks the institution to take protective action.

Vermont

Vermont’s Act 106 lets covered financial institutions delay a transaction when they reasonably believe a customer faces financial exploitation. The initial delay can last 15 business days. The institution may add another 15 days when it believes the exploitation may continue. Vermont approved the law on May 20, 2026.

Advertisement

Why bank scam protections vary by state

The federal Senior Safe Act encourages financial professionals to report suspected exploitation. It also offers liability protection to covered institutions and trained employees who make qualifying reports. However, the law does not create one nationwide transaction-hold rule for checking and savings accounts. Investment accounts follow a different framework. FINRA Rule 2165 lets a brokerage firm temporarily hold certain disbursements or securities transactions when it reasonably believes an eligible adult faces financial exploitation.

The rule generally covers adults age 65 or older along with some younger adults who have qualifying impairments. As a result, a brokerage firm may have national regulatory authority to pause a suspicious request. A bank handling your checking account may depend more heavily on the law in your state.

A state law still cannot guarantee your payment will stop

Most state laws give a bank permission to act rather than requiring it to block every suspicious payment. The institution still needs to recognize the warning signs and have enough information to reasonably suspect exploitation. Your protection may depend on your age, the account involved and where you live. Your bank’s internal policies and employee training also play a role. Even in a state with a transaction-hold law, a payment may go through before anyone realizes a scam is underway.

Scammers know speed works in their favor

CyberGuy has reported on grandparent scams that use urgent calls, stolen details and AI-cloned voices. We have also covered crypto kiosk scamswhere frightened victims followed a caller’s instructions while the money moved beyond easy recovery. Georgia also used HB 945 to add safeguards for virtual currency kiosks, another payment method scammers use to move money quickly.

In both cases, the scammer wants to keep you isolated. They may warn you not to call your family or bank. They might claim that an employee is part of the investigation. A transaction hold attacks that pressure tactic. It adds time, which gives someone a chance to ask a basic question: Does this story make sense? Of course, no law will catch every scam. A payment can move through a different state, another financial service or a crypto wallet. Also, a bank may miss the warning signs or choose not to place a hold.

Advertisement

THE GIFT THAT PROTECTS YOUR DAD FROM SCAMMERS

House Bill 945 took effect July 1, 2026, giving Georgia banks more authority to delay payments tied to suspected exploitation. (Kurt “CyberGuy” Knutsson)

Do these bank scam transaction hold laws work?

An ABA Foundation survey commissioned from 158 banks offers an early view. Half of the responding banks in states with hold laws said they had used the authority to delay, refuse or hold transactions. Nearly 90% of respondents in states without such laws supported adopting them. The survey reflects the banking industry’s experience rather than a nationwide independent study. Even so, it shows that banks see value in having time to investigate.

That time can also create a difficult balance. Banks need enough authority to stop a devastating payment. Yet they must avoid blocking legitimate transactions based on age alone. Georgia tries to address that concern with a reasonable-cause standard. It also requires notice, employee training and an internal review. Whether the law succeeds will depend on how institutions use those tools.

How to protect your money from bank scams

You should not assume your bank can reverse a scam payment. You also cannot count on it pausing every suspicious transaction. The safest approach is to put protections in place before an urgent call, text or email catches you off guard.

Advertisement

1) Ask your bank about trusted contacts and transaction holds

Call your bank’s fraud department and ask whether you can add a trusted contact to your account. Then ask what the bank does when an employee suspects financial exploitation. You should also find out whether your state allows the bank to delay a suspicious transaction. The answer may differ between your checking account and your brokerage account.

2) Turn on instant alerts for account activity

Enable notifications for withdrawals, transfers and card purchases. Choose the lowest available dollar threshold so you hear about unusual activity quickly. Also review your bank’s daily transfer and wire limits. Lower limits can make it harder for a scammer to move a large amount of money in one transaction.

3) Make sure your trusted contact understands the role

Choose someone who will answer quickly and question an unusual request. Make sure that person knows your bank may call if something appears wrong. A trusted contact does not automatically gain access to your money. The role gives your bank another way to reach someone you trust during a possible emergency.

4) Create a family code word for emergencies

Choose a private word or phrase that family members can use to verify a real emergency. If someone calls claiming a loved one needs money, ask for the code word. Then hang up and contact your relative through a phone number you already have. Never call a number provided by the person demanding payment.

5) Never transfer money to a so-called safe account

A bank, government agency or law enforcement officer will not tell you to protect your savings by transferring them to another account. Scammers often use the phrase “safe account” to make a fraudulent transfer sound official. Do not send money through a wire transfer, cryptocurrency kiosk or payment app while someone is pressuring you to act immediately. End the conversation and call your bank using the number on the back of your card or its official website.

Advertisement

6) Use strong security software on your devices

Strong antivirus software can help detect malicious links, fake websites and downloads that scammers use to steal financial information. Keep the software updated on your phone and computer. Security software cannot stop every phone scam. However, it can block some of the digital tools criminals use before they reach your bank account. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

7) Reduce the personal information scammers can use

Scammers may pull your age, relatives’ names, phone number and address from data broker and people-search websites. They can use those details to make a fake emergency sound convincing. A data removal service can help reduce how much personal information appears on these sites. It cannot remove every record from the internet, but it can make it harder for criminals to build a detailed profile around you or your family. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

8) Act quickly if money starts moving

Call your bank’s fraud department as soon as you suspect a scam. Ask the institution to stop, recall or flag the transaction. Change your online banking password from a trusted device and review recent account activity. If you shared login details, ask the bank whether it should lock online access or issue new account numbers. Next, report the incident to local law enforcement and the appropriate fraud agency. For suspected elder financial abuse, you can also contact Adult Protective Services in your state.

Kurt’s key takeaways

Georgia’s new law gives financial institutions explicit authority to pause certain transactions when they suspect financial exploitation. However, the hold remains optional, and the protection applies only in qualifying situations. The issue reaches far beyond Georgia. At least 33 states have enacted some form of transaction-hold authority for banks or credit unions, although several newer laws have later effective dates. The protections still vary, so your state and financial institution can shape what happens during the most urgent minutes of a scam. Add a trusted contact where available. Talk with your family about how to verify an emergency and learn how your bank handles suspicious payments. A five-minute conversation today could create the pause that saves someone’s life savings later.

Should a bank have the power to delay your payment when it believes a scammer is directing you, even if you insist the transfer is legitimate? Let us know by writing to us at CyberGuy.com.

Advertisement

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Advertisement
Continue Reading

Technology

Fortnite is getting a bunch of AI-powered ‘personas’

Published

on

Fortnite is getting a bunch of AI-powered ‘personas’

Get ready for more AI characters in Fortnite. Developer Epic Games is going to let Fortnite creators publish experiences featuring characters with AI-powered voices starting on July 30th, and ahead of that launch, it’s created 36 characters with “consistent voices and personas” that creators can use as NPCs. The characters include Fortnite staples like Agent Jonesy, Peely (the banana), Fishstick (a walking fish), and Cuddle Team Leader (who wears a pink bear mascot head).

Epic tested the waters of AI characters with last year’s Darth Vader NPC that was powered by James Earl Jones’ voice — a collaboration that Jones’ estate signed off on. Even though players quickly got Vader to swear, something Epic fixed quickly, the company announced shortly after debuting Vader that Fortnite creators would be able to make AI-powered characters of their own.

The voices for these new personas rely on “performances captured from independent professional actors specifically for use in developer-made islands,” Epic says. “The actors agreed to have their performances used to develop voice models that create the spoken responses for these LLM-powered Fortnite characters.”

Down the line, it sounds like Epic wants to make characters featuring voices from the well-known actors that have appeared in the Fortnite universe, but it will have to secure the right approvals to do so. “Our next step is to work with the relevant guilds and character voice actors who have previously worked on Fortnite Battle Royale to explore opportunities to make their original voices available across the Fortnite ecosystem,” the company says.

Continue Reading
Advertisement

Trending