Malicious push notifications: Is that a real or fake Windows Defender update?

You’re on your PC, and suddenly a pop-up ad appears in the system tray informing you of a Windows Defender Update. Be careful: it might be push notification malware meant to trick you into installing malicious Windows apps.

According to McAfee, threat actors are increasingly abusing push notifications to impersonate legitimate Windows alerts. Clicking on the alert redirects users to a fake Windows update website telling them their antivirus subscription has expired and that McAfee has detected various threats on their system. This message deceives the user into downloading the fake update, which can harvest system and user information.

Fake Windows Defender update: Why it’s easy to fall for

McAfee researchers stated that browser push notifications could closely resemble Windows system updates. Attackers are hacking into pop-up notifications and planting fake ones that disguise themselves by leveraging the McAfee logo and name. The pop-ups purport to inform users about a Windows Defender Update and take them to a fake website.
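One way to review which sites a browser profile has allowed to send notifications, the channel these fake alerts arrive through (an added example, not from McAfee or the original article). It assumes the Chromium `Preferences` JSON layout `profile.content_settings.exceptions.notifications` with `setting` 1 meaning allow; the sample data, origins and lure-word list are constructed.

```python
import json

# Constructed sample of the relevant part of a Chromium profile "Preferences"
# file (assumed layout; setting 1 = allow, 2 = block). Origins are made up.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://update-alerts.example.net:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
        "https://defender-update.example.top:443,*": {"setting": 1},
    }}}}
})

ALLOW = 1
# Hypothetical review heuristic: words an arbitrary website has little reason
# to carry in its host name if it is going to show system-style alerts.
LURE_WORDS = ("defender", "mcafee", "antivirus", "update", "alert")


def allowed_notification_origins(preferences_text):
    """Return the origins granted notification permission in the profile."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    origins = []
    for pattern, entry in node.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            # Key form is "<origin>,<embedding pattern>"; keep the origin.
            origins.append(pattern.split(",", 1)[0])
    return sorted(origins)


def lure_words_in_host(origin):
    """Return the lure words found in the origin's host name."""
    host = origin.split("://", 1)[-1].split(":", 1)[0].lower()
    return [word for word in LURE_WORDS if word in host]


def review(preferences_text):
    """Map each allowed origin to the lure words that make it worth a look."""
    return {origin: lure_words_in_host(origin)
            for origin in allowed_notification_origins(preferences_text)}


if __name__ == "__main__":
    for origin, words in review(SAMPLE_PREFERENCES).items():
        print(origin, "->", ", ".join(words) if words else "no lure words")
```

An empty result for an origin does not clear it; any site in the allowed list that the user does not recognise is a candidate for removal in the browser's notification settings.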

The fake website then presents a “signed MSIX (ms-appinstaller)” package. Downloading and running this file brings up a prompt asking for the installation of a Defender Update from a supposed “Publisher: Microsoft.” Once done, the malicious Defender Update app appears in

