Microsoft Edge on its home page displays articles through the News Feed. Of course, it also includes the necessary (for Microsoft) advertisements. According to a new report, some of the ads in the news section are redirecting to tech support scams.
Malwarebytes, a security company that develops the anti-malware software of the same name, published a report about an increasing number of malicious ads in Edge.
The ads are reportedly on News Feed, which is the grid of recommended articles that appears on the browser's home page. Malwarebytes said on its blog that "we have detected several ads that are malicious and redirect unsuspecting users to tech support scams."
The malicious ads, served by the Taboola ad network, first load a page that determines if the visitor is a potential target for the scam by checking if they meet certain specifications (geo-location, VPN, etc.).
If the visitor qualifies, it redirects to a page that mimics a Windows Defender security pop-up and asks the person to “contact Microsoft support” via a phone number it lists to remove a virus.
The technical support scams are (unfortunately) incredibly common, but this attack stands out for two reasons.
First, it appears directly in Microsoft's browser, which could make the attacks appear more legitimate to unsuspecting victims (Edge is already integrated into Windows and other Microsoft products), so the fact that the program displays Windows Defender messages it's not that far fetched.
Second, attackers move between many different sites to host the redirect and scam pages. Malwarebytes reported that "over a 24-hour period, we collected over 200 different hostnames."
Microsoft on the other hand does not mention anything about all this. So for now, you should avoid clicking ads in Edge's News Feed (they have an “Ad” label in the corner). You can also hide or completely disable the News Feed in Edge.