Malwarebytes, a provider of antivirus software and virtual private networks, has found that con artists are inserting malicious advertisements into the Microsoft Edge news feed.
The company's threat intelligence team wrote on a company blog that they had evidence the scheme, which was designed to "direct victims to tech support scam pages," had been active for at least two months.
The fact that Microsoft Edge's news feed can also serve as the browser's homepage means that users are more likely to fall for the "shocking or bizarre stories" that the attackers have strategically placed there.
When a user engages with a bogus news item, a script is executed to determine whether or not the user should be further pursued. Malwarebytes claims that the script can identify and redirect "bots, VPNs, and geolocations that are not of interest" to a dummy page.
Threat actors serve up fake advertisements to users in order to compromise their devices, a practice known as malvertising. "This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers," Malwarebytes wrote.
Due to the dynamic nature of the scam operation, it will be challenging to eradicate the threat entirely. The scam operation relies on a constantly evolving list of malicious domains hosted on DigitalOcean's cloud web hosting infrastructure. Malwarebytes reported that in just 24 hours, over 200 unique hostnames were used to serve the tech support scam pages.
The report also highlighted the extensive efforts made to hide the fingerprints of the servers and devices used in the campaign.
One of the reported malicious domains was traced to a director at a Delhi-based "Computer and related activities" firm; the director's name was Sumit Kalra.
Malwarebytes calls this campaign "one of the biggest we are seeing in terms of telemetry noise," and this report connects Kalra to a number of other domains associated with it.
We have reached out to Kalra, Mws Software Services Private Limited, and Microsoft for comment.
Since Microsoft Edge is preinstalled on Windows 10 and 11, it is a popular choice for cybercriminals looking to trick the largest number of people who aren't as well-versed in online security.
Installing a top free VPN, using an anonymous browser, or even just switching the news feed in Microsoft Edge to a more secure source of information are all good ways for users to increase their security in the face of fake tech support scams and other forms of online extortion.
They should also treat information from unknown or dubious sources with a healthy dose of skepticism. It's important to use caution before clicking on news stories that seem too good to be true.
Malware can be downloaded onto a device if the user clicks on a malicious ad. However, con artists sometimes just want victims to believe they're infected and give in to the page's demands. This could be instructing the user to dial a specific number or, in the case of ransomware, to wire funds to an anonymous recipient.
Users should also be wary of the websites making these requests. A web page claiming that a device is infected is not a legitimate security warning: antivirus software, not a web browser, typically provides reports on potential security risks.