A technical-support scam is a type of Internet fraud that is widely used by scammers. It relies mainly on social engineering and fear tactics, which explains why so many users fall for it and pay for technical support services they do not need. These scams might use websites to convince users to contact technical support, or they might employ malicious scripts to open browsers in full-screen mode or show fake pop-ups that cannot be easily closed. Some technical-support scams might also install executable files on compromised machines, just like serious malware. Researchers at Malwarebytes Labs are sure these are not the only tricks, because they have recently come across a new tactic scammers use to make sure users cannot close the bogus pages opened for them and instead call a fake support line immediately. The new technique found by the researchers targets Google Chrome version 64.0.3282.140 only, and it works on Windows only. Instead of showing pop-ups or pop-under windows, using malicious scripts, or dropping files on victims’ computers, scammers use a very specific technique that makes the Google Chrome browser unresponsive in 10 seconds. According to Jérôme Segura of Malwarebytes Labs, the popularity of this new technique has increased since Google Chrome developers fixed a bug in HTML5 that allowed scammers to freeze computers.
The new technique allows cyber criminals to freeze users’ Google Chrome browsers. In other words, the browser becomes unusable immediately after it displays a fake error message claiming that certain security details might be stolen from the system. By freezing the browsers ordinary users rely on to browse the web, scammers expect that more users will contact “technicians,” i.e. dial the telephone number they see. Once users make the call, scammers present themselves as representatives of Microsoft or another company and claim that they can easily fix the problem that has occurred. It goes without saying that this problem does not exist. This tech-support scam is only used to obtain money from users who are willing to pay for the service. In addition, scammers might use it to gain access to users’ computers and/or obtain personal details about them.
Let’s get slightly more technical. The technique reported by Malwarebytes Labs freezes Google Chrome browsers by abusing the programming interface called window.navigator.msSaveOrOpenBlob (a method that allows files to be saved locally). To be more specific, scammers use this API together with other functions to force the browser to save files to disk over and over again, at intervals so short that they are impossible to notice. The large number of downloads causes the browser to freeze in 10 seconds. In addition, CPU and memory usage increases considerably (this can be seen in Task Manager). As a consequence, affected browsers can no longer be closed by normal means.
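The burst of saves described above is also what makes this behaviour detectable. The following is an added example, not code from Malwarebytes Labs or from this article: a sliding-window check over save-request telemetry that flags any origin exceeding a threshold inside a 10-second window. The event record shape, the threshold of 20 and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Event shape, threshold and sample data are assumptions.
const WINDOW_MS = 10000; // the article reports a freeze within 10 seconds
const MAX_SAVES = 20;    // assumed threshold; tune against real telemetry

// events: [{ ts: epoch ms, origin: string }], one record per save request.
// Returns Map(origin -> { peak, firstExceeded }) for origins whose save count
// inside any windowMs-long window is greater than maxSaves.
function findSaveBursts(events, windowMs = WINDOW_MS, maxSaves = MAX_SAVES) {
  const byOrigin = new Map();
  for (const e of events) {
    if (!byOrigin.has(e.origin)) byOrigin.set(e.origin, []);
    byOrigin.get(e.origin).push(e.ts);
  }
  const flagged = new Map();
  for (const [origin, stamps] of byOrigin) {
    stamps.sort((a, b) => a - b); // telemetry may arrive out of order
    let start = 0, peak = 0, firstExceeded = null;
    for (let end = 0; end < stamps.length; end++) {
      // Drop timestamps that fell out of the window ending at stamps[end].
      while (stamps[end] - stamps[start] >= windowMs) start++;
      const count = end - start + 1;
      if (count > peak) peak = count;
      if (count > maxSaves && firstExceeded === null) firstExceeded = stamps[end];
    }
    if (firstExceeded !== null) flagged.set(origin, { peak, firstExceeded });
  }
  return flagged;
}

// Constructed sample telemetry (not captured from a real incident).
function sampleEvents() {
  const t0 = 1518000000000;
  const events = [];
  // Ordinary site: three downloads spread over a minute.
  for (let i = 0; i < 3; i++) {
    events.push({ ts: t0 + i * 20000, origin: "https://files.example" });
  }
  // Abusive page: 400 save requests packed into two seconds.
  for (let i = 0; i < 400; i++) {
    events.push({ ts: t0 + 1000 + i * 5, origin: "https://alert.example" });
  }
  return events;
}

for (const [origin, info] of findSaveBursts(sampleEvents())) {
  console.log(origin, info);
}
```
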
Users cannot close their browsers normally (by clicking X) and cannot close the opened tab. At the same time, they see a frightening message claiming that their personal details, including credit card details, ONLINE SAS Account Login, and photos stored on the system, will be stolen if they do not call technical support right away. As a result, a number of users dial +1-888-876-8163, but, of course, they do not get any problems fixed because the problems simply do not exist. This is also why there is no point in paying money for the service. It should also be emphasized that there are no guarantees that the telephone number shown in the fake alert is a toll-free one.
Users of Internet Explorer, Mozilla Firefox, Safari, and other browsers can stay calm because scammers can only affect Google Chrome. Specialists working in the cybersecurity department say that there is one thing users can do to avoid tech-support scams that freeze Google Chrome browsers: keep an ad-blocker on. If this does not help and you still encounter a technical-support scam that makes it impossible to use the web browser, do not panic and do not contact “Microsoft support” by calling the telephone number left for you. Instead, open Task Manager and kill the browser’s process to close it. Make sure the browser does not restore the last browsing session!
References:
- Free images. Pixabay
- Goodin, D. Tech-support Scammers Have a New Trick to Send Chrome Users into a Panic. Ars Technica
- Rayome, A. D. Google Chrome Users: Don’t Fall Prey to This Fake Tech Support Scam. TechRepublic
- Segura, J. Tech Support Scammers Find New Ways to Jam Google Chrome. Malwarebytes Labs
- Tung, L. Windows Chrome users: Tech-support Scams Try New Trick to Freeze Your Browser. ZDNet