ClickCease Microsoft's Edge exploited to advance tech support scams

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Microsoft’s Edge news feed exploited to advance tech support scams

September 27, 2022 - TuxCare PR Team

Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft’s Edge News Feed, redirecting potential victims to websites that promote tech support scams.

The Threat Intelligence team at Malwarebytes said the fraud operation had been running for at least two months and was considered one of the most extensive campaigns due to the amount of telemetry noise generated.

The attackers switch between hundreds of ondigitalocean.app subdomains to host their scam sites within a single day. The several malicious ads injected into the timeline of the Edge News Feed are also linked to more than a dozen domains.

The redirect flow, which is used to send Edge users to malicious websites, begins by checking the target’s web browsers for different settings such as time zones to decide whether they are worth their time, or if not, send them to a decoy page.

To redirect to their scam landing pages, the threat actors use the Taboola ad network to load a Base64-encoded JavaScript script to filter potential victims.

“The goal of this script is to only show the malicious redirection to potential victims, ignoring bots, VPNs and geolocations that are not of interest that are instead shown a harmless page related to the advert. This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers,” explained Malwarebytes.

The sources for this piece include an article in BleepingComputer.

Summary
Microsoft's Edge exploited to advance tech support scams
Article Name
Microsoft's Edge exploited to advance tech support scams
Description
Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft's Edge News Feed.
Author
Publisher Name
Tuxcare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter