Microsoft Edge News Feed infiltrated by tech support scammers

Months-long scam targets Microsoft Edge users, but company takes action

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

UPDATE:Microsofthas told TechRadar Pro that, following the report, it has taken action against the malicious advertiser.

“In partnership with our advertising providers, we have removed this content and blocked the advertiser from our networks. We remain dedicated to our user’s safety and will continue to work with our partners to detect, eliminate, and provide new technological solutions to prevent malware attacks and address these threats.” a Microsoft spokesperson told us.

Scammers are planting malicious advertisements in theMicrosoft Edgenews feed, according to new research fromantivirusandVPNprovider Malwarebytes.

In ablog postby its threat intelligence team, the company claims that the scheme, set up to “direct victims to tech support scam pages”, has been in motion for at least two months.

This particular scam operation has been particularly effective because of Microsoft Edge’s news feed doubling as the web browser’s homepage, increasing the chances that users may be lured by “shocking or bizarre stories” that have been placed there by attackers.

Fake news in Microsoft Edge

Once a user has clicked on a false news story, a script is run to decide if a user should be targeted by the scam. According to Malwarebytes, the script aims to filter out “bots, VPNs, and geolocations that are not of interest,” and that these machines are instead sent to a harmless decoy page.

“This scheme is meant to trick innocent users with fakebrowserlocker pages, very well known and used by tech support scammers”, wrote Malwarebytes, in reference to the scourge ofmalvertising, whereby threat actors serve up fake advertisements to users in order to compromise their devices.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The scam operation relies on an ever-changing list of malicious domains served up by DigitalOcean’s cloud-basedweb hostinginfrastructure, making the threat difficult to stamp out completely. Malwarebytes claimed that, over the course of 24 hours, over 200 different hostnames were being used to scam tech support pages.

It also noted the considerable efforts to obscure identifying information (known asfingerprinting) aboutserversand devices involved in the campaign.

The company did, however, connect one of the collected domains,previously reported as suspicious, to Sumit Kalra, listed as a director for “Mws Software Services Private Limited”, a Delhi-based company working in “Computer and related activities”.

It also linked Kalra to a number of other domains involved with this particular campaign, which Malwarebytes has said is “one of the biggest we are seeing in terms of telemetry noise”.

TechRadar Prohas asked Kalra, Mws Software Services Private Limited, and Microsoft for comment.

Default browsers and malvertising

Microsoft Edge is the default web browser onWindows 10and 11, making it a prime target for scammers looking to target the largest number of unsuspecting users who are less aware of what measures they can take to stay secure online.

Users looking to protect themselves from fake tech support scams and other threat actors may wish to install one of thebest free VPNs, consider ananonymous web browser, or simply change their Microsoft Edge homepage from the default news feed.

They should also maintain a healthy skepticism when interacting with content from an unfamiliar or disreputable source. If a news story sounds too good to be true, thinking twice before clicking on it can go a long way.

Check out our picks for the best browsers with a built-in VPN>Opera launches Pro tier for its built-in browser VPN>You could soon control your VPN through Microsoft Edge

Clicking on a fake advertisement can result in a device being infected withmalware. But scammers sometimes just want users to believe they’ve been infected, and follow through with what the page is requesting of them. This may be to call a certain phone number, or send money to an unknown actor - the latter being a form ofransomware.

To stay safe, users should also be vigilant about the pages making these requests. Usually, it’s antivirus software, not a web browser, that reports on threats to a device’s security.

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature