deceptive website Archives

Winsage

April 14, 2026

This fake Windows 11 24H2 update looks perfect, until it avoids antivirus and steals your passwords

Cybercriminals are using sophisticated tactics to deceive users, particularly with a counterfeit website posing as a legitimate Windows 11 update. This site operates under the domain microsoft-update[.]support and is designed to trick individuals into downloading malware that compromises sensitive information. The site is written in French and mimics a genuine cumulative update for Windows 11, version 24H2, featuring a convincing KB article number and a blue download button. The malware is packaged as a Windows update using the WiX Toolset 4.0.0.5512 and is labeled "WindowsUpdate 1.0.0.msi," with properties that suggest it is from Microsoft. At the time of analysis, VirusTotal showed no detections for the malware, which conceals its harmful code within an Electron shell, making it difficult to identify. Users are advised to download updates directly through the Windows Settings app or from Microsoft's official support hub.

Tech Optimizer

March 27, 2026

Bogus Avast website fakes virus scan, installs Venom Stealer instead

A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.

AppWizard

March 11, 2026

Meta turns to AI to sniff out scams on Facebook, Messenger and WhatsApp

Meta has introduced new tools on Facebook, Messenger, and WhatsApp to enhance user protection against scams using advanced artificial intelligence. Facebook features a proactive alert system for suspicious friend requests, analyzing user profiles to help users make informed decisions about blocking or rejecting requests. WhatsApp warns users against scams linking their accounts to unauthorized devices, providing alerts for suspicious requests and detailing their origins. Messenger allows users to share recent messages for AI-driven scam reviews, issuing notifications for potential scams along with recommended actions. Meta is also expanding advertiser verification processes to prevent misrepresentation and is working with law enforcement, having disabled over 150,000 accounts linked to scams and contributing to 21 arrests by the Royal Thai Police. Additionally, Meta conducts awareness campaigns to educate users on recognizing and avoiding scams.

Tech Optimizer

February 24, 2026

Fake Zoom meeting “update” silently installs surveillance software

A deceptive website, uswebzoomus[.]com/zoom/, poses as a Zoom meeting platform and installs surveillance software on Windows devices without user consent. The software is a covert version of Teramind, a commercial monitoring tool. The site creates a fake Zoom waiting room experience, complete with scripted participants and background audio, to trick users into downloading a malicious file named zoomagentx64s-i(_941afee582cc71135202939296679e229dd7cced) (1).msi. This file is preconfigured to connect to an attacker-controlled Teramind server and operates in stealth mode, leaving minimal traces on the device. The installation process collects information about the device and is designed to evade detection by security tools. If users suspect they have been affected, they are advised not to open the downloaded file, check for its installation, and change passwords from a clean device.