Microsoft Edge on its home page displays articles through the News Feed. Of course, it also includes the necessary (for Microsoft) advertisements. According to a new report, some of the ads in the news section are redirecting to tech support scams.
Malwarebytes, a security company that develops the anti-malware software of the same name, published a report about an increasing number of malicious ads in Edge.
The ads are reportedly on News Feed, which is the grid of recommended articles that appears on the browser's home page. Malwarebytes said on its blog that "we have detected several ads that are malicious and redirect unsuspecting users to tech support scams."
Malicious ads, served by the Taboola ad network, first load a page that determines whether the visitor is a potential target for scam, checking if it meets certain specifications (geo-location, VPN, etc.).
If the visitor meets the conditions, they are redirected to a page that mimics a security popup of Windows Defender and asks the person to “contact Microsoft support” via a phone number it lists to remove a virus.
The technical support scams are (unfortunately) incredibly common, but this one attack stands out for two reasons.
First, it appears directly in Microsoft's browser, which could make the attacks appear more legitimate to unsuspecting victims (Edge is already integrated into Windows and other Microsoft products), so the fact that the program displays Windows Defender messages it's not that far fetched.
Second, attackers move between many different sites to host the redirect and scam pages. Malwarebytes reported that "over a 24-hour period, we collected over 200 different hostnames."
Microsoft on the other hand does not mention anything about all this. So for now, you should refrain from doing click to ads in Edge's News Feed (they have an “Ad” label in the corner). You can also hide or completely disable the News Feed in Edge.
