14.2 C
London
Sunday, October 2, 2022
More

    Latest Posts

    Microsoft Edge News Feed infiltrated by tech support scammers

    Microsoft Edge Chromium



    (Image credit: Microsoft)

    Scammers are planting malicious advertisements in the Microsoft Edge news feed, according to new research from antivirus and VPN provider Malwarebytes.

    In a blog post (opens in new tab) by its threat intelligence team, the company claims that the scheme, set up to “direct victims to tech support scam pages”, has been in motion for at least two months.

    This particular scam operation has been particularly effective because of Microsoft Edge’s news feed doubling as the web browser’s homepage, increasing the chances that users may be lured by “shocking or bizarre stories” that have been placed there by attackers.

    Fake news in Microsoft Edge

    Once a user has clicked on a false news story, a script is run to decide if a user should be targeted by the scam. According to Malwarebytes, the script aims to filter out “bots, VPNs, and geolocations that are not of interest,” and that these machines are instead sent to a harmless decoy page.

    “This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers”, wrote Malwarebytes, in reference to the scourge of malvertising, whereby threat actors serve up fake advertisements to users in order to compromise their devices.

    The scam operation relies on an ever-changing list of malicious domains served up by DigitalOcean’s cloud-based web hosting infrastructure, making the threat difficult to stamp out completely. Malwarebytes claimed that, over the course of 24 hours, over 200 different hostnames were being used to scam tech support pages.

    It also noted the considerable efforts to obscure identifying information (known as fingerprinting) about servers and devices involved in the campaign.

    The company did, however, connect one of the collected domains, previously reported as suspicious (opens in new tab), to Sumit Kalra, listed as a director for “Mws Software Services Private Limited”, a Delhi-based company working in “Computer and related activities”.

    It also linked Kalra to a number of other domains involved with this particular campaign, which Malwarebytes has said is “one of the biggest we are seeing in terms of telemetry noise”. 

    TechRadar Pro has asked Kalra, Mws Software Services Private Limited, and Microsoft for comment.

    Default browsers and malvertising

    Microsoft Edge is the default web browser on Windows 10 and 11, making it a prime target for scammers looking to target the largest number of unsuspecting users who are less aware of what measures they can take to stay secure online.

    Users looking to protect themselves from fake tech support scams and other threat actors may wish to install one of the best free VPNs, consider an anonymous web browser, or simply change their Microsoft Edge homepage from the default news feed.

    They should also maintain a healthy skepticism when interacting with content from an unfamiliar or disreputable source. If a news story sounds too good to be true, thinking twice before clicking on it can go a long way.

    Clicking on a fake advertisement can result in a device being infected with malware. But scammers sometimes just want users to believe they’ve been infected, and follow through with what the page is requesting of them. This may be to call a certain phone number, or send money to an unknown actor – the latter being a form of ransomware

    To stay safe, users should also be vigilant about the pages making these requests. Usually, it’s antivirus software, not a web browser, that reports on threats to a device’s security. 

    Luke Hughes holds the role of Graduate Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

    Latest Posts

    spot_imgspot_img

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.

    × Share your content