According to multiple user reports, Windows 10 users in Germany are currently experiencing malvertising campaigns when using their default browsers.
The malicious ads are being displayed on the Microsoft Advertising network in ad-supported applications.
What Is Microsoft Advertising?
As explained by Microsoft, through this platform the company uses your browsing, search, and other online activity data associated with your Microsoft account to show you ads that are more tailored to your interests. The setting can be turned off, but ads will not be as relevant.
In other words, the platform gives Microsoft a way to offer app developers monetization opportunities by using the Microsoft Advertising SDK to display ads in their apps.
A number of recent reports come from Windows 10 users, specifically in Germany, who describe their default browser opening abruptly and leading them to sites that host tech support scams and suspicious surveys. The ads would show up every time apps such as Microsoft News and Microsoft Jigsaw were used. Both applications are supported by Microsoft Advertising.
Why are Win10 users seeing these intrusive ads?
It is important to note that this is not the first such campaign. Earlier this year, French users were targeted in a similar malvertising campaign. Both campaigns appear to target users according to their residential IP addresses. This means that users who rely on VPN services to obtain German IP addresses will not be shown these ads.
The worst part is that ad blockers are helpless in such cases because the ads are displayed by the ad-supported apps themselves. Why is that? The scripts that ad blockers are designed to stop are executed in the app itself. So what can users do to prevent this from happening? Using security applications is one option, as well as relying on built-in browser filters.
Another example of a malvertising campaign that successfully defeated ad blockers is the so-called RoughTed operation. The campaign was detected in 2017. RoughTed was a large-scale malvertising campaign that peaked in March 2017 but had been active for over a year. Both Windows and Mac operating systems were targeted, as well as iOS and Android. The operation was quite rare in its comprehensiveness, having used a variety of malicious approaches, from exploit kits to online scams such as fake tech support scams, fake updates, rogue browser extensions, and so on.