Malwarebytes reports that a new tech support scam is exploited in the wild that targets all recent versions of the Google Chrome browser.
The scam exploits a bug in Chrome's implementation of the history.pushState() method that enables developers to push data "onto the session history stack". Back in 2014, use of the method caused browsers like Firefox, Chrome or Safari to crash.
The new attack uses loops to push loads and loads of data to the browser's history stack. This results in CPU and Memory usage going up to 100% immediately. Google Chrome stops responding -- hangs -- but does not crash or shut down.
The scammers display a warning message on the screen that tells you that your PC has been infected with a trojan, and that you should contact them using a phone number displayed on the page to regain control of the computer.
Microsoft.Inc Warning!System has been infected
Microsoft Identification-Malware infected website visited.Malicious data transferred to system from unauthorized access.System Registry files may be changed and can be used for unethical activites.
System has been infected by Virus Trojan.worm!055BCCAC9FEC — Personal information (Bank Details, Credit Cards and Account Password) may be stolen.System IP Address 184.108.40.206 is unmasked and can be accessed for virus spreading.Microsoft has reported to the connected ISP to implement new firewall.User should call immediatley to Technical Support 1-844-507-3556 for free system scan.
You call the scammers, and they try to get you to pay top Dollars to regain control of your system and get rid of the alleged trojan that is causing the issues.
The attack uses just a couple of lines of code. Malwarebytes makes no mention of other browsers being affected by the bug. It seems likely that other Chromium-based browsers are affected by the issue as well.
Malwarebytes reported the issue to Google. It seems likely that Google is going to block the offending page quickly. Whether Google will fix the bug itself that caused the issue is not clear yet.
Should you encounter the situation, all you need to do is the following:
If you like our content, and would like to help, please consider making a contribution: