This fake Windows support website delivers password-stealing malware
WHITE PetrP.73 2026-04-17 Modified: 2026-04-17
7 IOCs
LOW VOLUME
A recently identified campaign uses a fraudulent Microsoft support website to distribute password-stealing malware, specifically targeting French-speaking users. The attack begins at a typosquatted domain, http://microsoft-update.support, which mimics a legitimate Microsoft support page. The site promotes a fake cumulative update for Windows version 24H2, complete with misleading documentation designed to convince users that they are downloading a standard Windows update.
Indicators of Compromise (7)