Malvertising attack on Microsoft Games

There have been a number of reports of fake virus warnings when using Microsoft Games (and possibly other apps), as shown in the screenshot below.

As reported in German MC there may be other fake offers for prize redemption.

https://answers.microsoft.com/de-de/windows/forum/all/windows-apps-%C3%B6ffnen-fake-webseiten-mit/62d2039d-8c3a-4684-a994-d43cff7bd7ab

Currently, there is an increase in the number of malicious banner ads that open fraudulent web pages in the standard browser when starting or using apps on Windows 10. These websites either promise winnings in a competition or threaten to infect your PC with viruses. Both are nonsense. 

It's not local malicious software on the PC! As a result, it is not necessary to install any tools to scan or to install the system at all.

As long as you just close the window without confirming any questions to start scans or to pick up winnings, the thing is without consequence. The apps include advertising banners from external networks. Through these, fraudulent banners are apparently repeatedly delivered in addition to normal advertising. Apparently, the operators of these ad networks still do not have their deliveries under control. Such things appear every now and then in the web browser. There, they can at least be blocked through the use of an adblocker.

The relevant web pages should be reported via the browser as fraud pages. Some of them are already considered malicious by the Windows SmartScreen filter. To solve the problem on the server side, the corresponding apps should simply not be used.

If you have the ability to block advertising at the DNS level, e.g. via a central adblocker on your network such as a Pi-hole, you should block these sites:

*.adnxs.com
*.nuxues.com
*.vungle.com

Currently Windows Defender SmartScreen is not recognizing all of these and therefore not blocking.

The fake virus warnings eventually direct to a download page for Reimage Repair, which is classified by Microsoft as a potentially unwanted application (PUA) but not detected as malware by Windows Defender at this time. A scan of the downloaded file at VirusTotal indicates nine different antivirus/antimalware programs detect it as malware, and some may block the download or even the landing page for the download.

https://www.virustotal.com/gui/file/a9351e522ac3d86324dfb455617bfa01da737d1b93fe0f16ba5e614e0e904c56/detection

When the fake virus screen appears, simply close the page (or tab). If the page will not close, open Task Manager (Ctrl + Shift + Esc) and kill the browser process (End Task). As a precaution, clear your browser cache and temporary internet files.

For Windows 10 users, more information may be available at Feedback Hub (Windows key + F).

FYI: Through some testing I found Malwarebytes Browser Extension -BETA blocked redirection to malicious sites.

Recent articles which may provide further updates and Microsoft response:

Windows 10 Apps Serving Malicious Ads Warning of Virus Infections

https://news.softpedia.com/news/windows-10-apps-serving-malicious-ads-warning-of-virus-infections-526265.shtml

Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop

https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop

17/07/2019 Group Behind Windows 10 App Malvertising Pushed 100M Ads in 2019

https://www.bleepingcomputer.com/news/security/group-behind-windows-10-app-malvertising-pushed-100m-ads-in-2019/

~bhringer

Edit:  Removed some content and update.


 

Last updated November 11, 2019
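
An added example, not part of the original post: a Python check that turns the three wildcard entries listed above into label-anchored regexes (the `(\.|^)domain$` form commonly used for wildcard blocking in Pi-hole) and reports which clients queried a matching name. The log lines are constructed in dnsmasq query-log style, and the client IPs and function names are assumptions.

```python
import re
from collections import defaultdict

# Wildcard entries as listed in the post.
BLOCK_PATTERNS = ["*.adnxs.com", "*.nuxues.com", "*.vungle.com"]

# Constructed sample lines in dnsmasq query-log style (not real traffic).
SAMPLE_LOG = """\
Jul 17 10:01:02 dnsmasq[812]: query[A] ib.adnxs.com from 192.168.1.20
Jul 17 10:01:02 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
Jul 17 10:01:05 dnsmasq[812]: query[AAAA] API.Vungle.com. from 192.168.1.31
Jul 17 10:01:09 dnsmasq[812]: query[A] notadnxs.com from 192.168.1.31
Jul 17 10:01:11 dnsmasq[812]: query[A] nuxues.com from 192.168.1.20
"""

QUERY_RE = re.compile(r"query\[[A-Z0-9]+\] (?P<name>\S+) from (?P<client>\S+)")


def wildcard_to_regex(pattern):
    """Turn '*.example.com' into a regex anchored on a DNS label boundary."""
    domain = pattern.lower().lstrip("*").strip(".")
    # (\.|^) matches the apex and any subdomain, but not 'notexample.com'.
    return r"(\.|^)" + re.escape(domain) + "$"


def compile_blocklist(patterns):
    return [re.compile(wildcard_to_regex(p)) for p in patterns]


def is_blocked(hostname, compiled):
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = hostname.lower().rstrip(".")
    return any(rx.search(name) for rx in compiled)


def blocked_queries(log_text, patterns=BLOCK_PATTERNS):
    """Map client IP -> sorted list of blocked names it asked for."""
    compiled = compile_blocklist(patterns)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_blocked(m.group("name"), compiled):
            hits[m.group("client")].add(m.group("name").lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for p in BLOCK_PATTERNS:
        print(p, "->", wildcard_to_regex(p))
    for client, names in blocked_queries(SAMPLE_LOG).items():
        print(client, names)
```

The label anchor is what keeps the lookalike `notadnxs.com` out of the block set while still covering the apex domain and every subdomain.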
Thank you for that info.

At last!

An answer that makes sense.

Thank you!

I think it's a good idea to remind everyone of some basic security/privacy etc precautions.

Suggest reading:

 

How to tighten security and increase privacy on your browser - Malwarebytes Labs | Malwarebytes Labs 

and

Answers to common security questions - Best Practices, which includes Resources to protect your browser, privacy & help prevent browser pop-up ads and scams