Specifically, threat actors are targeting users with a tech support scam delivered through malicious adverts in the Microsoft Edge “My Feed” section. This is known as a “malvertising” attack, where a fake page tricks users into interacting with malicious content. Malwarebytes explains how the campaign functions in a blog and accompanying image. According to the company, the adware attack is sophisticated because the ad banner only redirects potential victims to the scam page.

“When a user clicks on one of the malicious ads, a request to the Taboola ad network is made via an API (api.taboola.com) to honor the click on the ad banner… The goal of this script is to only show the malicious redirection to potential victims, ignoring bots, VPNs and geolocations that are not of interest that are instead shown a harmless page related to the advert. This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers.”
Ongoing Scam
Over 24 hours, Malwarebytes was able to find 200 hostnames, and there are undoubtedly many more to be found. The company says one of the domains associated with the hosts is linked to a software company director out of Delhi, India. As this is a scam, no update is going to prevent the issue. Instead, it is on Microsoft Edge users to be vigilant and avoid interacting with content they are unsure about.