Microsoft Edge News Feed infiltrated by tech support scammers
Scammers are placing malicious ads in Microsoft Edge’s news feed, according to new research from antivirus and VPN provider Malwarebytes.
In a blog post by its threat intelligence team, the company claims the scheme, set up to “refer victims to tech support scam pages,” has been in operation for at least two months.
This scam operation was particularly effective because Microsoft Edge’s news feed doubles as the web browser’s home page, increasing the chances of users being lured by “shocking or bizarre stories” posted there by attackers.
Fake news in Microsoft Edge
Once a user clicks on a fake news story, a script is executed to decide whether a user should be the target of the scam. According to Malwarebytes, the script aims to filter out “bots, VPNs and geolocations that don’t matter” and instead send these machines to a harmless decoy page.
“This scheme is intended to deceive innocent users with fake browser locker pages, well known and used by tech support scammers,” Malwarebytes wrote, referring to the plague of malvertising, where threat actors serve false advertisements to users to compromise their devices.
The scam operation relies on an ever-changing list of malicious domains hosted on DigitalOcean’s cloud-based web hosting infrastructure, making the threat difficult to completely eradicate. Malwarebytes claimed that over 200 different hostnames were used to host tech support scam pages over the course of 24 hours.
It also noted significant efforts to cover up identifying information (known as fingerprinting) about servers and devices involved in the campaign.
However, the company has linked one of the collected domains, previously reported as suspicious, to Sumit Kalra, listed as a director of “Mws Software Services Private Limited”, a Delhi-based company working in “Computer and related business”.
It also linked Kalra to a number of other domains involved in this particular campaign, which Malwarebytes says is “one of the biggest we’ve seen in terms of telemetric noise.”
TechRadar Pro has asked Kalra, Mws Software Services Private Limited and Microsoft for comment.
Default browsers and malvertising
Microsoft Edge is the default web browser on Windows 10 and 11, making it a prime target for scammers looking to target the largest number of unsuspecting users who are less aware of the measures they can take to stay safe online.
Users who want to protect themselves from fake tech support scams and other threat actors may want to use one of the best free VPNs, consider an anonymous web browser, or simply change their Microsoft Edge homepage from the default news feed.
They should also maintain a healthy skepticism when interacting with content from an unknown or disreputable source. If a news story sounds too good to be true, thinking twice before clicking on it can go a long way.
Clicking on a fake ad can infect a device with malware. But scammers sometimes just want users to believe they are infected and go ahead with what the page asks of them. This could be to call a certain phone number, or send money to an unknown actor – the latter being a form of ransomware.
To stay safe, users should also be vigilant about the pages making these requests. Usually it is antivirus software, not a web browser, that reports on threats to a device’s security.