Skip to main content

Beware: Hackers are using a clever Microsoft Edge malvertising scam

If you’re still using Microsoft Edge, you need to beware — a new malvertising campaign has just been discovered, and if you fall victim to it, your PC might be at risk.

According to Malwarebytes, the attackers are abusing Microsoft Edge’s News Feed feature to target their victims. Here’s what we know about this clever new scam.

Screenshot of a Microsoft Edge scam attack.
Malwarebytes

Malvertising refers to incorporating malware into advertisements, which is exactly what’s happening in this latest Microsoft Edge scam. First spotted by Malwarebytes’ Threat Intelligence Team, the operation seems to have started at least two months ago, if not more. It’s hard to estimate how many people have fallen for the trick so far.

The scam campaign runs on a really large scale. The attackers supposedly switch between hundreds of different ondigitalocean.app subdomains per day and each one of those subdomains are used to host a scam website intended to scam unsuspecting Edge users.

The threat actors inject attention-grabbing ads into the Microsoft Edge news feed. If a user is tempted to check out the article, their browser is then checked for a number of things, such as their location and their timezone.

It seems that not all users are deemed to be “worthwhile” enough to proceed with the scam. If the user’s browser does not match the attacker’s requirements, they’re redirected to a decoy page and nothing else happens. However, if the user ticks all the boxes, they are directed to a scam landing page.

Assuming that the user makes it to the scam landing page, what follows is a well-known pattern that has been used by many threat actors in the past. The landing page tells the user that the Windows Defender Security Center found a trojan virus and blocked the computer for security reasons. They are then given a (supposedly toll-free) phone number to dial in order to unlock their computer.

Malwarebytes didn’t specify what happens if one calls the listed phone number, but the way this scam usually goes is that the scammers obtain remote control of your computer and lock it down until they are paid. This often appears to be legitimate and is less of extortion and more of a “pay us for fixing this technical issue for you” kind of thing. Users may also be offered to sign up for a longer-lasting tech support contract.

The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.
Image used with permission by copyright holder

Microsoft Edge is the default browser for Windows users, and much like its (now retired) older sibling Internet Explorer, it’s mostly used to download a different browser. Statcounter puts Edge’s market share at 4.3%, making it a small fish in a big pond largely dominated by the shark that is Google Chrome (65.52%). It sometimes trades blows with Mozilla Firefox, which currently sits at a 3.16% market share.

For the time being, if you’re using Microsoft Edge and want to avoid problems, it’s best to ignore the news feed altogether and simply visit a reputable news site directly to stay up to date.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Microsoft just made Paint useful again
A screenshot of Paint Co-creator.

Microsoft Paint is taking a step into the future with the integration of DALL-E 3, better known as Cocreator. The AI-powered feature, previously featured in Bing AI, enables users to generate images based on textual descriptions and preferred art styles.

Microsoft originally announced its intentions to integrate Bing’s AI-based image-generating features with Paint during its September 26 event. According to a report by Windows Latest, Cocreator for Paint has now transitioned from the testing phase and is ready for a broader release for all Windows 11 users. While not every user may immediately experience the feature due to the gradual rollout, those eager to explore Cocreator should ensure they are running the latest version of Paint. Additionally, users may be prompted to join a waiting list within the app.

Read more
Hackers are using this incredibly sneaky trick to hide malware
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

One of the most important things you can do to protect your online security is install one of the best password managers, but a recent cyberattack proves that you have to be careful even when doing that. Thanks to some sneaky malware hidden in Google Ads, you could end up with viruses riddling your PC.

The issue affects popular password manager KeePass -- or rather, it attempts to impersonate KeePass by using misleading Google Ads. First spotted by Malwarebytes, the nefarious link appears at the top of search results, meaning you’ll likely see it before the legitimate websites that follow beneath it.

Read more
Microsoft Copilot sounds great. Here’s why I definitely won’t use it
Using Windows 11 copilot to summarize a document.

A lot of Microsoft's September event was dedicated to Copilot, Bing Chat, and other AI-driven features. In a way, the updates made to laptops like the Surface Laptop Studio 2 almost felt like an afterthought. It was a real AI fest -- and no wonder, as Microsoft has certainly created something bragworthy.

Despite how impressive Copilot seems to be, I can't see myself actually using it. It's a neat party trick, but my concerns with the AI outweigh any upsides it might have.
AI everywhere

Read more