News Feed Pushes Tech Support Scams

Malvertising on News Feed Pushes Tech Support Scams

Malwarebytes uncovered a malvertising campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams. The scheme is simple and relies on threat actors inserting their advertisements on the Edge home page and trying to lure users with shocking or bizarre stories.

When a user clicks on one of the malicious ads, a request is made to the Taboola ad network via an API to honor the click on the ad banner. The first request to one of the malicious domains retrieves Base64-encoded JavaScript that checks the current visitor to determine whether they are a potential target. The script shows the malicious redirection only to potential victims; bots, VPNs and geolocations that are not of interest are instead shown a harmless page related to the advert.

This scheme is meant to trick innocent users with fake browser locker pages, a well-known technique used by tech support scammers.
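For analysts triaging a captured response from a suspected ad domain, the following added example (not code from the Malwarebytes report) decodes Base64 runs in the body and flags decoded text that profiles the visitor before redirecting. The signal patterns, function names and sample data are assumptions made for illustration.

```javascript
// Added triage example (Node.js). Heuristics and sample data are constructed
// for illustration; they are not indicators from the original report.
const B64_RUN = /[A-Za-z0-9+/]{80,}={0,2}/g;

// Assumed signals of visitor-profiling code (illustrative, not exhaustive).
const SIGNALS = {
  automation_check: /navigator\.webdriver|HeadlessChrome/,
  timezone_or_locale: /getTimezoneOffset|Intl\.DateTimeFormat|navigator\.language/,
  webrtc_probe: /RTCPeerConnection/,
  script_redirect: /location\.(replace|assign)\s*\(|location\.href\s*=/,
};

// Decode every long Base64 run in a response body and keep only results that
// are almost entirely printable text (drops images, fonts and random tokens).
function decodeBase64Runs(body) {
  const decoded = [];
  for (const run of body.match(B64_RUN) || []) {
    const text = Buffer.from(run, "base64").toString("utf8");
    const printable = text.replace(/[^\x09\x0a\x0d\x20-\x7e]/g, "").length;
    if (text.length > 0 && printable / text.length > 0.95) decoded.push(text);
  }
  return decoded;
}

// Report which signals each decoded blob contains. A blob is marked suspicious
// when a script-driven redirect appears together with at least one visitor check.
function triageResponse(body) {
  return decodeBase64Runs(body).map((text) => {
    const signals = Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(text));
    const suspicious = signals.includes("script_redirect") && signals.length >= 2;
    return { length: text.length, signals, suspicious };
  });
}

// Constructed sample: a response that wraps a Base64-encoded script.
const sampleJs =
  'if(!navigator.webdriver&&new Date().getTimezoneOffset()===300)' +
  '{location.replace("https://redirect.example.invalid/")}' +
  'else{document.title="story"}';
const sampleBody =
  '<html><script>eval(atob("' + Buffer.from(sampleJs).toString("base64") +
  '"))</script></html>';

console.log(JSON.stringify(triageResponse(sampleBody), null, 2));
```

A hit is a reason to pull the decoded script for manual review, not a verdict; legitimate pages also embed Base64 and read the browser locale.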

