Latest Tech Support Scam is Freezing Chrome Browsers

By RMON Networks | July 5, 2018
tech support scam

A recent Microsoft survey revealed that the number of reported tech support scams has grown by over 24% over the past year. While most of these incidents involve cold calls from fake customer service representatives, a substantial number of scams have also been initiated through website pop-ups and malicious email campaigns. Now, Malwarebytes has uncovered a new tech support scam that leverages vulnerabilities in the Chrome browser to trick inexperienced victims into paying for unnecessary software and virus removal services.

How the Scam Works

When Internet users access one of the scammer’s websites, a pre-loaded JavaScript code launches into action starting thousands of download operations through Chrome’s public API. As the browser tries to save the same file to disk repeatedly in just a few seconds, the program’s memory resources are quickly overloaded and Chrome becomes completely unresponsive. As Chrome eats up memory, the OS itself can become sluggish. The Javascript code also prevents users from exiting out of the screen by pressing the “x” button.

Once the browser freezes, a message pops up informing the visitor that their system is infected by dangerous malware and that their sensitive details are under threat of theft. The pop-up urges the victim to call a bogus tech support line immediately to get the virus removed. Faced with a serious system failure, less experienced computer users often respond to this alert by calling the provided number.

From there, the tech support scammers will try to get callers to pay for virus removal services. Although sometimes, they make seek to gain remote access to the victims’ computers so they can install key-logging and monitoring software that will allow them to steal passwords and credit card details from their victims’ computers.

Updated Technique

An earlier version of this browser stalling technique was detected in late 2016. This scam targeted a well-known bug in the history.pushState API to freeze Chrome in a very similar fashion. While Google patched that issue, they are yet to address this new iteration of the code which uses yet another API known as window.navigator.msSaveOrOpenBlob to trigger its download bombing mechanism. These exploits have only been used on Chrome browsers although other URLs and similar techniques are being used to target Firefox and Edge users.

On these browsers, users are more likely to be targeted with tricky pop-unders that trap them between a full-screen background window and a partially visible pop-up superimposed on top. When users try to close the smaller foreground window, they are shown an obscured Stay or Leavewindow. This menu is positioned in such a way that users can only select the Stay option, which makes it extremely difficult to navigate away from the malicious webpage.

end task

What to Do if Your Browser Freezes?

Do not call the provided helpline number under any circumstances. These scams will only be effective if you’re in a panicked state. Relax, and follow these steps.

  • Press the Ctrl + Alt + Del on your keyboard.
  • Click Task Manager or Start Task Manager on the new window.
  • Under the Apps tab, find the Google Chrome browser. Click this option so that is highlighted.
  • Click End Task
  • Exit the Task Manager

The offending webpage should now be closed.

Talk to the Experts

If you have been targeted by a tech support scammer and you are unsure about the integrity of your systems then we can help. Our experts can help you recover sensitive information and secure your computer against any further threats.

Contact Us today for more details.

Leave a Comment

Your email address will not be published.