Tech Support Scammers may freeze your browser
by Martin Brinkmann on February 08, 2018
Tech support scams come in many forms, from basic popup messages or fake
screenshots posted on websites to sophisticated operations that try to
block users from leaving a site or closing a popup.
Malwarebytes discovered a new sophisticated tech support scam operation
recently that affects Chrome, Firefox, Brave and probably other web
browsers as well.
The scam abuses a public API that browsers support, overloading the
browser with file downloads to drive up CPU and memory usage until it
freezes and becomes unresponsive.
The Blob constructor coupled with the window.navigator.msSaveOrOpenBlob
method lets you save files locally and, as you may have guessed, is what
is being abused here.
[Screenshot: Malwarebytes browser freeze, via Malwarebytes]
A script is executed when a user visits a specially prepared web page.
This script initiates more than 2000 downloads at once which freeze the
browser so that it cannot be closed anymore through normal means.
While some browsers have protections in place to block too many
downloads from happening at once, Malwarebytes notes that the initiation
of downloads happens so quickly that the prompt never displays. This
happened on Windows 7 and Windows 10 systems running the latest stable
version of Google Chrome.
The scam page in question displays the prompt shown in the screenshot
above. This message attempts to scare the user by stating that
information such as the Facebook login, credit card details or photos
on the PC is being stolen.
A "Call Microsoft" call to action is attached to the prompt to get
affected users to call the listed support number which is not an
official Microsoft number of course. Users should not call that number
under any circumstances.
Malwarebytes notes that the scam attacks users through so-called
malvertising campaigns. This involves abusing advertisements on websites
to trick users into opening the support scam page.
Any content blocker worth its salt should block these ads and the script
that runs on the support scam page. If you are affected, try opening
the Task Manager and closing Chrome from there, or use the power or
reset button on the computer and restart the PC afterward.
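
One way a content blocker or user script could blunt the download burst described above is to count save calls synchronously instead of relying on a prompt. This is an added example, not code from Malwarebytes or the original article; guardDownloads, maxCalls, windowMs and the fake navigator in demo() are constructed for illustration.

```javascript
// Added example. guardDownloads, maxCalls and windowMs are hypothetical
// names and values, not part of any browser or of the original article.
function guardDownloads(nav, opts = {}) {
  const maxCalls = opts.maxCalls ?? 3;     // saves allowed per window (assumed)
  const windowMs = opts.windowMs ?? 1000;  // sliding window in ms (assumed)
  const now = opts.now ?? (() => Date.now());
  const stats = { allowed: 0, blocked: 0, tripped: false };
  const recent = [];                       // timestamps of allowed calls
  const original = nav.msSaveOrOpenBlob;
  if (typeof original !== "function") return stats; // API absent: nothing to wrap

  nav.msSaveOrOpenBlob = function (...args) {
    const t = now();
    while (recent.length && t - recent[0] >= windowMs) recent.shift();
    // The check runs synchronously inside the call, so a tight loop cannot
    // outrun it. Once tripped, the guard stays tripped for the page's lifetime.
    if (stats.tripped || recent.length >= maxCalls) {
      stats.tripped = true;
      stats.blocked += 1;
      return false;
    }
    recent.push(t);
    stats.allowed += 1;
    return original.apply(nav, args);
  };
  return stats;
}

// Constructed stand-in for window.navigator so the guard runs outside a browser.
function demo() {
  let clock = 0;
  let saved = 0;
  const fakeNav = { msSaveOrOpenBlob() { saved += 1; return true; } };
  const stats = guardDownloads(fakeNav, { now: () => clock });
  for (let i = 0; i < 2000; i++) fakeNav.msSaveOrOpenBlob({}, "file" + i);
  clock = 5000;                            // a quiet period does not re-arm it
  const afterQuiet = fakeNav.msSaveOrOpenBlob({}, "later");
  return { saved, afterQuiet, ...stats };
}

console.log(demo());
```

In a page context the guard would be installed with guardDownloads(window.navigator) before any page script runs. It covers only the method named in the article.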
--
David Goldfield, Assistive Technology Specialist WWW.David-Goldfield.Com