How is AI malware different from regular malware?

AI-powered malware can analyze its environment, detect what security software is running, and adjust its behavior to avoid detection in real time — without a human operator.

How can I tell a real Windows update from a fake one?

Real Windows updates come through Settings → Update & Security, not through web pages in your browser. If you see an 'update' in a browser tab with a URL bar, it's a website pretending to be your operating system.

Scam #7 · High Threat

That Update Wasn't From Microsoft.

A fake security patch that 'fails' at 92% — then helpfully gives you a PowerShell command to 'fix it manually.' The failure was the plan.

What You Just Experienced

A convincing Windows Update screen. A progress bar. A real-looking KB patch number and CVE vulnerability code. It crawled to 92%, stalled, and "failed" — then offered you a manual fix: a PowerShell command to run yourself.

The whole progress bar was theater. The "failure" was scripted. The manual fix was the actual attack. You run the command thinking you're installing a security patch, and instead you're downloading whatever the attacker wants onto your machine.

What's New About AI Malware

Traditional malware is dumb. It follows a script. It does the same thing on every machine and hopes the antivirus doesn't catch it.

AI-powered malware adapts. It scans your system, identifies what security software you're running, and changes its behavior to avoid detection. It tests different approaches, learns what triggers alerts, and adjusts. It does this without a human operator — the AI handles the adaptation in real time.

When it uses the fake-update delivery method, it adds a human element: it tricks you into running the payload yourself, which looks like an authorized action to your security software. AI adaptation + human social engineering = very hard to catch.

How to Spot It

System updates don't happen in your browser. Windows updates come through Settings → Update & Security. Mac updates come through System Preferences → Software Update. If you see an "update" in a browser tab, it's a web page pretending to be your operating system.
Real updates don't fail and then ask you to run commands. If Windows Update actually fails, it retries or sends you to a Microsoft support page. It doesn't give you a PowerShell one-liner.
Error codes that look technical but can't be verified. "CVE-2026-21338" sounds official. But if you search it from a clean device and find nothing from Microsoft, it was invented to look real.

The Separation

Real system updates never appear as web pages in your browser. That's the dividing line. If it's in a browser tab, it's a website — not your operating system. Close the tab. If you're concerned about real updates, go to your system settings.

How to Pass This Along

The visual shortcut: "If an update pops up and you can see a URL bar at the top — it's a web page, not a real update. Close it."

When they're worried: "If you see a scary security warning and you're not sure if it's real, close your browser and run your actual antivirus software. Or call me. Don't follow the instructions on the screen."

← Replay This Simulation All Scams