Bad actors are loading applications available for Windows 10 through the Microsoft Store with malicious ads, security researchers have found. Attackers leverage the apps to put phishing ads into content and fool users into downloading malicious content onto their system,
Many of the fraudulent ads tell the user they have a malware problem on their PC and prompt them to do a scan. Of course, the scan looks entirely legitimate, but they are in fact used to load malicious content. Devices become compromised with ransomware attacks and viruses.
Yes, this is a trick that’s been around on the internet for many years. It seems hackers are now using the Microsoft Store and third-party Windows 10 apps.
“Your PC is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 29.1% – immediate removal required. 4 minute and 2 seconds remaining before damage is permanent,” says one of the websites a screenshot published by BornCity reads.
One of the key components of a successful scam is to make the process seem legitimate. With that in mind, bad actors redirect users to websites that appear to be from Microsoft’s security team. Believing they have a malware problem and that the scan is from Microsoft, unwitting users get compromised.
“Your Microsoft Windows system is currently out of date and corrupted. This causes automatic deletion of your system files. Follow the instructions immediately to resolve this problem and make sure your system stays up to date,” another message reads.
These kinds of scams target Windows 10 users who many not know better. Luckily, preventing them is a very easy thing to do. Its true inexperienced users can get tricked by these official looking ads and websites.
However, in most cases the bad actors need user interaction to implement the malicious content. In most cases, simply closing down the browser window for the website telling you about the fake infection will stop it. Under no circumstances should you interact with a link or anything else on the page itself.