ClickCease Microsoft's Edge exploited to advance tech support scams
Cybersecurity News,

Microsoft’s Edge news feed exploited to advance tech support scams

September 27, 2022
Microsoft edge´s news feed exploited

Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft’s Edge News Feed, redirecting potential victims to websites that promote tech support scams.

The Threat Intelligence team at Malwarebytes said the fraud operation had been running for at least two months and was considered one of the most extensive campaigns due to the amount of telemetry noise generated.

The attackers switch between hundreds of ondigitalocean.app subdomains to host their scam sites within a single day. The several malicious ads injected into the timeline of the Edge News Feed are also linked to more than a dozen domains.

The redirect flow, which is used to send Edge users to malicious websites, begins by checking the target’s web browsers for different settings such as time zones to decide whether they are worth their time, or if not, send them to a decoy page.

To redirect to their scam landing pages, the threat actors use the Taboola ad network to load a Base64-encoded JavaScript script to filter potential victims.

“The goal of this script is to only show the malicious redirection to potential victims, ignoring bots, VPNs and geolocations that are not of interest that are instead shown a harmless page related to the advert. This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers,” explained Malwarebytes.

The sources for this piece include an article in BleepingComputer.

Summary
Microsoft's Edge exploited to advance tech support scams
Article Name
Microsoft's Edge exploited to advance tech support scams
Description
Security researchers at Malwarebytes have uncovered an ongoing malvertising campaign that injects ads into Microsoft's Edge News Feed.
Author
Publisher Name
Tuxcare
Publisher Logo

TuxCare can help you reduce your risk window to data exfiltration and other cyber security threats.

TALK TO A CYBERSECURITY EXPERT

Expert knowledge of Linux security tips,
live patching education, and Cybersecurity news.

Stay updated with the latest news and announcements from TuxCare.com

Related Articles

Bahamut deploys fake VPN apps...

ESET researchers discovered an ongoing campaign by the Bahamut APT...

December 9, 2022

Windows Server updates causes LSASS...

A memory leak bug on Local Security Authority Subsystem Service...

December 8, 2022

1,650 malicious Docker Hub images...

After discovering malicious behaviors in 1,652 of 250,000 unverified Linux...

December 7, 2022

Arm’s Mali GPU driver flaws...

Despite fixes released by the chipmaker, a set of five...

December 6, 2022

RansomExx malware offers new features...

The APT group DefrayX has launched a new version of...

December 5, 2022

DuckDuckGo launches beta version of...

DuckDuckGo, a privacy-focused search engine, has added an App Tracking...

December 2, 2022

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching