Huge Scam Freezes Chrome: But Do Not Panic. Do Not Call.
Malicious ads and booby-trapped Web pages are using an application programming interface (API) to freeze users' Chrome web browser, the cybersecurity firm Malwarebytes reported yesterday. The scam offers victims a "fix" in the form of a notification to call a fake tech-support service and pay for help.
The tech support scam abusing this API is one of an increasing number of fake browser alerts spotted in the wild over the past few months, Malwarebytes analyst Jérôme Segura wrote in a blog post. Such tactics are aimed at scaring users into paying hundreds of dollars to unlock their frozen browsers.
While browser-makers have been working to improve defenses, Segura said, scammers have continued to look for new ways to exploit weaknesses in the software. This latest malware targets Windows users browsing with Google Chrome, currently the most widely used browser, although other techniques are being used against other browsers as well.
"[T]his is yet another example of the desire for threat actors to deploy new social engineering schemes," Segura wrote.
Step One: Don't Panic
Users who encounter the Chrome-targeting fake alert will see an alert window pop up warning that their device has been infected by malware. The alert also provides a toll-free number that purports to be for Microsoft support, but instead connects victims to a scam service.
The malware works by launching several functions in succession, taking advantage of the Chrome browser's ability to save files locally.
"It happens too fast to see how it works, but you may be able to spot it with a powerful enough machine and if you try to close the tab early on," Segura wrote. "That code triggers a very large number of downloads in rapid fire, which causes the browser to become unresponsive within a few seconds, and unable to be closed via normal means."
Users who encounter such malware lockers should not panic and should not call the number offered for "support," Segura said. Instead, they can force the browser to quit using Windows Task Manager. Ad blockers can also help prevent such attacks, he said.
'A Highly Profitable Business'
"Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance," Segura wrote in another post about such malware in December.
"From a technical standpoint, browser lockers are on the low side of the scale compared to malware such as ransomware," he continued. "However, they benefit from great distribution channels via malvertising, guaranteeing that millions of people are affected by them. Consider that scammers charge an average of $400 per victim, and you soon realize that this is a highly-profitable business."
Windows 10 users can force quit by pressing Control + Alt + Delete or Control + Shift + Escape. This opens up the option to launch the Task Manager, select the unresponsive application, and then click "End task."
Image credit: Google/Chrome; iStock/Artist's concept.
Posted: 2018-02-11 @ 8:25am PT
Been going around, saw a similar thing with Safari on iPad, only it was fake Apple Care and it froze Safari too. Given that Chrome and Safari are WebKit siblings, maybe there is a connection?
CG in MA:
Posted: 2018-02-09 @ 7:50am PT
I saw this same hijack February 7 on Firefox. Resetting the browser after restarting it with addons disabled cured the annoyance.
Posted: 2018-02-09 @ 5:05am PT
@Bob_WA: Yes, according to Malwarebytes, which did the research, the bug has been traced to malicious ads and booby-trapped Web pages. It's a very elaborate scam that they found to be connected to paid stories promoted by Taboola (and possibly other sites too). These are often fake stories about celebrity deaths that are intentional click-bait to entice unsuspecting and perhaps less sophisticated readers to click. Malwarebytes explained that the malicious publishers will publish legitimate news stories for a while, to establish a legitimate reputation, and then they'll toss in a story with a malicious link.
Posted: 2018-02-08 @ 9:17pm PT
I have seen a few versions of this story but I am still puzzled. How does your PC catch this bug? From a bad web page? E-mail link? Something else?