Fake Software Update Page Delivering Credential-Stealing Malware

ID: 0f8105ac-6fe7-4197-84e9-d2b933006cf9

STIX ID: report--0f8105ac-6fe7-4197-84e9-d2b933006cf9

Threat Score

60/100

Uploaded: 2026-04-13

Created by: Report Uploader

TLP:GREEN
On 12 April 2026, a marketing user was infected with credential-stealing malware after being redirected from an ad platform to a spoofed browser update page (https://browser-patch-center.com/update). The site delivered Critical_Browser_Update.zip, which contained PatchInstaller.exe. The executable established persistence via HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BrowserPatch, harvested browser credentials, cookies, autofill data and desktop files, staged the data in C:\ProgramData\BrowserCache, and exfiltrated it over HTTPS to cdn.browser-data-sync.com. The report includes IoCs (URL, archive, executable, registry key, exfil domain, MD5).