Blurred Lines: AdTech Abuse Delivers Browser Hijackers Through the Microsoft Store
ID: 354009bd-46ee-5f4c-94b1-3c6470f1284a
STIX ID: report--354009bd-46ee-5f4c-94b1-3c6470f1284a
Feed Name: Trinity Cyber Blog
Trinity Cyber describes an active campaign that uses typo-squatted domains and an AdTech-based pseudo TDS (PseudoTDS) to funnel users to Microsoft Store PWAs that deploy a previously undocumented browser hijacker called PhantomJack. The malware can read bookmarks and history, install unauthorized extensions, and change default search engines. Researchers identified ~45 landing domains, GTAG identifiers and 16 active apps in the Microsoft Store.
