Fake Facebook ads push malware disguised as free Windows 11 upgrades
Mar 1st 2026
Antivirus firm Malwarebytes says Facebook ads offering a free Windows 11 upgrade link to fake Microsoft pages that install a fake 75MB installer and steal passwords and crypto data, so update only through Windows Update.
- Malwarebytes warns that Facebook ads promising quick free Windows 11 upgrades lead to malicious downloads.
- The ads copy Microsoft branding and point to lookalike domains such as ms-25h2-download.pro and ms25h2-update.pro to appear legitimate.
- Clicking the links downloads a 75MB file named ms-update32.exe from a hacker-controlled GitHub page that installs data-stealing malware.
- The malware is designed to exfiltrate saved passwords, browser sessions, and cryptocurrency wallet data.
- The scam sites detect bots and researchers and will redirect them to Google to evade detection.
- Google Chrome has begun flagging the fake upgrade sites as malicious, and Microsoft does not distribute updates via social media ads so use Windows Update in system settings.