Frauds use Microsoft ad network to hijack Windows 10 store apps and default browsers

Recently, some German users have reported that the browser will suddenly open a malicious advertisement when using the computer or claim that the computer has been poisoned and need to contact Microsoft’s fraud advertisement. Malicious advertisements are mainly webpages showing that the user’s computer has been poisoned and needs to download the software for scanning. Actually, this software is not related to security but rogue software.

The scam advertisement is that the user’s computer poisoning must be handled by contacting Microsoft technical support. After contacting the fake Microsoft, the scammer will ask the user to pay. Such technical fraud scams and malware are common, but it is rare that the scam was actually initiated using Microsoft’s own advertising network.

We know that some applications in the Windows 10 store will have ads, and Microsoft provides advertising components for developers to use to get advertising. The scam is a fraudulent gang that puts malicious scripts in the ad, and then the user opens the app that carries the ad component and loads the script automatically. The script settings use a browser to open a new window and then force Windows 10 to open using the default browser, and then various scam ads follow. The target of this fraud group is mainly Windows 10 users in Germany, so users in other countries and regions will not encounter such fraudulent advertisements for the time being.

At present, Microsoft has removed these malicious advertisements with malicious purposes. The company has not yet issued a statement to explain the use of this issue.