Microsoft Edge has a feed of news articles on the start page, which includes some advertisements. According to a new report, some of the advertisements in the news section can redirect to tech support scams.

UPDATE: 9/17/22

Microsoft has provided How-To Geek with the following statement:

"In partnership with our advertising providers, we have removed this content and blocked the advertiser from our networks. We remain dedicated to our user's safety and will continue to work with our partners to detect, eliminate, and provide new technological solutions to prevent malware attacks and address these threats.

Malwarebytes, a cybersecurity company that develops the malware protection software of the same name, has published a report about a rising number of malicious advertisements in Edge. The ads are reportedly found on the News Feed, which is the grid of recommended articles that appears on the start page. Malwarebytes said in a blog post, "we have identified several ads that are malicious and redirect unsuspecting users to tech support scams."

The malicious ads, served by the Taboola ad network, first load a page that determines if the visitor is a potential scam target -- checking bots, VPNs, certain geographical locations, and so on. If the visitor is targeted, they are redirected to a page that mimics a Windows Defender security popup and asks the person to "contact Microsoft support" with a provided phone number to remove a virus.

Tech support scams are (unfortunately) incredibly common, but this attack stands out for two reasons. First, it's directly in Microsoft's own web browser, which could make the attacks seem more legitimate to unsuspecting victims -- Edge already has integration with Windows and other Microsoft products, so the browser showing Windows Defender prompts isn't that far-fetched. Second, the attackers are cycling between many different sites to host the redirection and scam pages. Malwarebytes said, "in the span of 24 hours, we collected over 200 different hostnames."

We've reached out to Microsoft about the problem, and we will update this article when (or if) we get a response. For the moment, you should avoid clicking any advertisements in Edge's News Feed (they have an "Ad" label in the corner). You can also hide or completely turn off the feed in Edge.

Source: Malwarebytes