Microsoft Edge on its home page displays articles through it News Feed. Of course, it also includes the necessary (for Microsoft) advertisements. According to a new report, some of the ads in the news section are redirecting to tech support scams.
Malwarebytes, a security company that develops the anti-virus software of the same name malware, published a report on a growing number of malicious ads on Edge.
The ads are reportedly on News Feed, which is the grid of recommended articles that appears on its home page browser. Malwarebytes said on its blog that "we have detected several ads that are malicious and redirect unsuspecting users to tech support scams."
The malicious ads, served by the Taboola ad network, first load a page that determines if the visitor is a potential target for the scam by checking if they meet certain specifications (geo-location, VPN, etc.).
If the visitor qualifies, it redirects to a page that mimics a Windows Defender security pop-up and asks the person to “contact Microsoft support” via a phone number it lists to remove a virus.
The technical support scams are (unfortunately) incredibly common, but this attack stands out for two reasons.
First, it appears directly in Microsoft's browser, which could make the attacks appear more legitimate to unsuspecting victims (Edge is already integrated into Windows and other Microsoft products), so the fact that the program displays Windows Defender messages it's not that far fetched.
Second, attackers move between many different sites to host the redirect and scam pages. Malwarebytes reported that “in space 24 hours, we collected over 200 different hostnames”.
Microsoft on the other hand does not mention anything about all this. So for now, you should avoid clicking ads in Edge's News Feed (they have an “Ad” label in the corner). You can also hide or completely disable the News Feed in Edge.
