An ongoing malvertising campaign injects advertisements into the Microsoft Edge newsfeed to redirect potential victims to websites offering tech support scams.

This scam operation has been going on for at least two months, according to Malwarebytes’ Threat Intelligence team, which said it was one of the most extensive campaigns to date based on the amount of ranging noise it generates.

This is not surprising given its scale, with attackers switching between hundreds of ondigitalocean.app subdomains to host their fraudulent pages in a single day.

The numerous malicious advertisements they inject into the Edge newsfeed timeline are also linked to more than a dozen domains, including at least one (tissatweb[.]U.S. too known to host browser locker in the old days.

Scam Redirect Flow
Scam redirect stream (Malwarebytes)

The redirect flow used to send Edge users begins by checking the targets web browsers for several parameters, such as time zone, to decide if they are worth their time. Otherwise, they will send them to a decoy page.

To redirect to their fraudulent landing pages, hackers use the Taboola advertising network to load a Base64-encoded JavaScript script designed to screen out potential victims.

“The purpose of this script is to only show the malicious redirect to potential victims, ignoring bots, VPNs and geolocations that are not of interest which are instead displayed on a harmless page linked to the ad” , Malwarebytes explained.

“This scheme is intended to trick innocent users with very well-known fake browser lock pages used by tech support scammers.”

Tech support scam landing page
Tech Support Scam Landing Page (Malwarebytes)

Although Malwarebytes didn’t say what happens if you call the scammers’ phone number, in most cases they lock your computer using various methods or tell you that your device is infected and you need to buy a support license.

Either way, once they connect to your computer to help you, the scammers will try to convince their victims to pay for an expensive tech support contract without any benefits for the victim.

A Microsoft spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.


Source link