Jump to content
  • Microsoft Edge’s News Feed ads abused for tech support scams


    Karlston

    • 309 views
    • 3 minutes
     Share


    • 309 views
    • 3 minutes

    An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.

     

    Microsoft Edge is currently the default web browser on computers running the Windows operating system and it currently has a 4.3% market share worldwide, according to Statcounter's Global Stats.

     

    This scam operation has been running for at least two months, according to Malwarebytes' Threat Intelligence Team, who said this is one of the most extensive campaigns at the moment based on the amount of telemetry noise it generates.

     

    This is not surprising considering its scale, with the attackers switching between hundreds of ondigitalocean.app subdomains to host their scam pages within a single day.

     

    The several malicious ads they're injecting into the Edge News Feed timeline are also linked to more than a dozen domains, at least one of them (tissatweb[.]us) also known for hosting a browser locker in the past.

     

    Scam_redirection_flow.png

    Scam redirection flow (Malwarebytes)

     

    The redirection flow used to send Edge users starts with a check of the targets' web browsers for several settings, such as timezone, to decide if they are worth their time. If not, they'll send them to a decoy page.

     

    To redirect to their scam landing pages, the threat actors use the Taboola ad network to load a Base64 encoded JavaScript script designed to filter the potential victims.

     

    "The goal of this script is to only show the malicious redirection to potential victims, ignoring bots, VPNs and geolocations that are not of interest that are instead shown a harmless page related to the advert," Malwarebytes explained.

     

    "This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers."

     

    tech_support_scam_landing_page.png

    Tech support scam landing page (Malwarebytes)

     

    While Malwarebytes didn't say what happens if you call the scammers' phone number, in most cases, they would lock your computer using various methods or tell you that your device is infected and you need to purchase a support license. 

     

    Either way, once they connect to your computer to help you, the scammers will try to convince their victims to pay for an expensive tech support contract with no benefit to the victim.

     

    A Microsoft spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

     

     

    Microsoft Edge’s News Feed ads abused for tech support scams


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...