Another day, another tech support scam: this one aims to freeze Internet browsers and trick users into calling a fake tech support line, where scammers try to steal personal data.
Malwarebytes researchers have discovered a new scam campaign that targets the most reliable internet browsers in the world, including Google Chrome, Firefox and Brave. The campaign delivers a fake error message that contains malicious code and locks up the browser. According to Malwarebytes’ lead intelligence analyst Jerome Segura, the bug in the error message renders the browser “unresponsive” and makes the Windows OS “unstable” if it is allowed to run for a specific time period.
Once the browser is locked by the malicious code hidden in the fake warning, the message attempts to deceive the user into calling a certain number. The call is answered by a person who poses as a representative of a well-known firm, such as an American technology firm, and requests personal or financial information in order to fix the problem. This is where the real problem for the user begins, because once the threat actors receive the requested personal or financial information, they can carry out all sorts of scams and gain full control of the computer.
Risk-Based Security’s executive VP Inga Goddijn explains: “These messages are purposely designed to cause fear and provoke users into turning over sensitive information or in some cases even control of their computer. From there, the scammers really are in the driver’s seat.”
The whole idea behind this campaign is to make the browser unusable to such an extent that the user is left with no other choice but to seek support. The fake error message tells the user that a security breach has made the browser unresponsive, and exiting the website doesn’t resolve the issue. Naturally, the user will start panicking and will eventually provide the requested data to regain control of the browser or the device.
In this campaign, the cybercriminals abused the window.navigator.msSaveOrOpenBlob programming interface by combining various functions with the API. The browser is forced to store a file to disk again and again, at such a quick rate that it becomes difficult to comprehend what is going on. Within merely 5 to 10 seconds, the browser becomes fully unresponsive and users are left with just a page that shows Windows’ exhausted CPU resources, which instantly panics them.
Segura further noted: “As far as I can tell this is Chrome specific (other tricks will be used for Firefox, Internet Explorer or Edge based on the user-agent string). I tried to ‘artificially’ replay it with Edge and Internet Explorer by simulating the Chrome user-agent but I was able to normally close the browser. Whoever wrote that code also had Google Chrome in mind. You can see in the screenshot where they named the functions: ‘bomb_ch’, ‘ch_jam’, where ‘ch’ stands for Chrome.”
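As an added illustration (not code from Malwarebytes or from the scam page), the sketch below shows one way a defensive content script could blunt the repeated-save behaviour described above, by wrapping the API the article names in a rate limiter. The names guardSaveApi and simulateFlood, the thresholds, and the fake navigator object are assumptions made for the example.

```javascript
// Added example: sliding-window rate limiter around the save API named in the article.
// guardSaveApi, maxCalls and windowMs are hypothetical names and thresholds.
function guardSaveApi(nav, opts = {}) {
  const maxCalls = opts.maxCalls ?? 3;      // assumed: saves allowed per window
  const windowMs = opts.windowMs ?? 1000;   // assumed: window length in milliseconds
  const now = opts.now ?? Date.now;         // injectable clock so the logic is testable
  const original = nav.msSaveOrOpenBlob;
  if (typeof original !== 'function') return null; // API absent: nothing to guard

  const stats = { allowed: 0, blocked: 0, tripped: false };
  let recent = [];                          // timestamps of recently allowed calls

  nav.msSaveOrOpenBlob = function (blob, name) {
    const t = now();
    recent = recent.filter((ts) => t - ts < windowMs);
    // Latch once tripped: a page that flooded the API is not trusted again
    // until it is reloaded, so slowing down afterwards does not help it.
    if (stats.tripped || recent.length >= maxCalls) {
      stats.tripped = true;
      stats.blocked += 1;
      return false;                         // drop the save instead of writing to disk
    }
    recent.push(t);
    stats.allowed += 1;
    return original.call(nav, blob, name);
  };
  return stats;
}

// Constructed check: a fake navigator that only counts writes, plus a fake clock.
function simulateFlood(calls, stepMs) {
  let clock = 0;
  let writes = 0;
  const fakeNav = { msSaveOrOpenBlob() { writes += 1; return true; } };
  const stats = guardSaveApi(fakeNav, { maxCalls: 3, windowMs: 1000, now: () => clock });
  for (let i = 0; i < calls; i++) {
    fakeNav.msSaveOrOpenBlob({ size: 1 }, 'file' + i + '.txt');
    clock += stepMs;
  }
  return { writes, ...stats };
}

console.log(simulateFlood(500, 1));    // flood: only the first saves reach the stub
console.log(simulateFlood(5, 2000));   // ordinary use: every save goes through
```

In a real browser the wrapper would have to be installed before any page script runs, for example from an extension content script, and the thresholds tuned so that legitimate multi-file downloads are not cut off.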
This is just one version of the scam; there are many more variants, such as one that offers fake deals like gift cards after locking up the browser. It is worth noting that the scam campaign isn’t restricted to Chrome, as there are instances where other browsers were also targeted. However, because Chrome is a popular web browser, even more popular than Apple’s Safari, the number of users at risk of data theft on Chrome is also much higher.
The scam can be blocked by pressing CTRL-ALT-Delete and selecting End Task on Google Chrome, as this will terminate the browser. For macOS users, the best possible solution would be to “force quit” the browser. It is also possible to reset the browser so that it doesn’t open the last opened page again, since reopening that page would let the fake message reappear and lock the browser again.
Moreover, users need to be cautious about providing sensitive personal or financial information to companies on any occasion, because no firm would freeze the browser and then ask the user for sensitive data.
As Malwarebytes’ researchers noted in the blog post, legitimate companies like Apple and Microsoft would never send “unsolicited email messages or make unsolicited phone calls” to ask for sensitive personal or financial data. Therefore, it is the responsibility of users to be skeptical about such unsolicited phone calls and pop-up messages and to refrain from providing personal information.
Image via: DepositPhotos/AndreyPopov