That 'Windows 11 24H2 update' download is malware - and antivirus isn't catching it
Here's a scam worth knowing about before you meet it. A website doing the rounds looks like an official Microsoft support page, offers a "cumulative update" for Windows 11 version 24H2, and hands you password-stealing malware when you click download. Malwarebytes flagged it this month, and the unnerving part is how well it hides.
The fake page lives at microsoft-update[.]support - close enough to a real Microsoft address to fool a hurried glance - and copies Microsoft's look right down to a made-up KB reference number and a big "Download the update" button. Click it and you get an 83 MB file called "WindowsUpdate 1.0.0.msi" whose file properties even list the author as "Microsoft." Run it and it quietly lifts your saved browser passwords, cookies, active login sessions and Discord data, then ships the lot to the attackers. Because it's wrapped in a legitimate installer framework, antivirus barely reacts: at the time it was analysed, not one of 69 engines on VirusTotal flagged the main file.
The rule that keeps you safe is the same one that beats the ClickFix scam: Windows never delivers updates through a website you download and run. Real updates arrive only through Settings → Windows Update, inside Windows itself. If a web page, email or ad offers you a Windows "update" to download, close it - however official it looks.
If a fake installer like this ever did run, Tendvane's Safety check looks exactly where these stealers hide - unsigned programs set to auto-start from your AppData or Temp folders, and browser extensions you don't recognise - so you can spot and clear what got left behind.