Tech support scams come in many forms; from basic popup messages or fake screenshots posted on websites to sophisticated operations that try to block users from leaving a site or closing a popup.
Malwarebytes discovered a new sophisticated tech support scam operation recently that affects Chrome, Firefox, Brave and probably other web browsers as well.
The scam uses a public API that browser's support to overload it with file downloads to increase CPU and memory usage so that the browser freezes and becomes unresponsive.
The Blob constructor coupled with the window.navigator.msSaveOrOpenBlob method lets you save files locally and, as you may have guessed, is what is being abused here.
A script is executed when a user visits a specially prepared web page. This script initiates more than 2000 downloads at once which freeze the browser so that it cannot be closed anymore through normal means.
While some browsers have protections in place to block too many downloads from happening at once, Malwarebytes notes that the initiation of downloads happens so quickly that the prompt never displays. This happened on Windows 7 and Windows 10 systems running the latest stable version of Google Chrome.
The scam page in question displays a prompt to the user that you see on the screenshot above. This message attempts to scare the user by stating that information such as the Facebook login, credit card details or photos on the PC, is being stolen.
A "Call Microsoft" call to action is attached to the prompt to get affected users to call the listed support number which is not an official Microsoft number of course. Users should not call that number under any circumstances.
Malwarebytes notes that the scam attacks users through so-called malvertising campaigns. This involves abusing advertisement on websites to trick users into opening the support scam page.
Any content blocker worth its salt should block these ads and the script that runs on the support scam page. If you are affected, try opening the Task Manager to close Chrome this way, or use the power or reset button on the computer and restart the PC afterward.
Now You: Have you been affected by malvertising campaigns in the past?
If you like our content, and would like to help, please consider making a contribution: