Windows 10 Apps Hit by Malicious Ads that Blockers Won’t Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps.

As a way to monetize free apps, Microsoft offers Windows 10 app developers the ability to use their Microsoft Advertising SDK to display ads in their apps.  For example. Microsoft News and Microsoft Jigsaw utilize Microsoft Advertising to display ads.

German Ads in Microsoft News and Microsoft Jigsaw
German Ads in Microsoft News and Microsoft Jigsaw

Over the weekend, there were numerous reports of Windows 10 users in Germany having their browser open suddenly to sites pushing tech support scams, sweepstakes, surveys, and win a prize wheels. These advertisements would open suddenly while they were using apps like Microsoft News, Microsoft Jigsaw, and other Microsoft Advertising supported apps.

For example, the advertisement below was shown to one user and pretends to be a system scan stating that the computer is infected. If a user goes through the screens, the scam page will ultimately prompt them to download an unwanted system cleaner program.

Tech Support Scam shown by malvertising campaign
Tech Support Scam shown by malvertising campaign

These ads are being caused by scammers purchasing ad campaigns in the Microsoft Advertising network that use JavaScript to automatically launch scam sites in a new window. As these advertisements are being shown in an ad-supported app, Windows 10 will instead launch the new page in the default browser.

Just like a similar malvertising campaign that targeted French users of Microsoft apps in April, this German campaign appears to only be targeting users on residential IP addresses. For example, if you use a VPN to gain access to a German IP address, the malvertising ads will not show.

Ad blockers will not help

As these ads are being displayed because of ad-supported apps,  any ad blockers you have installed in your browsers will not prevent the pages from loading.

This is because the scripts that are normally blocked by ad blockers are being executed in the app and Windows 10 is just launching a web page in your browser.

Instead users will have to rely on security software or built-in browser filtering services such as SmartScreen and Safe Browsing to block known malicious web sites.

ESET blocking a malicious web site
ESET blocking a malicious web site

Another option is to install a HOSTS file that blocks all connections to known advertising networks and malicious sites.

Article Provided By: BleepingComputer

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina


If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.