Con artists pushing tech-support scams are once again exploiting a Chrome bug that can give users the false impression they’re experiencing a serious operating-system error that requires the urgent help of a paid professional, according to a Google developer forum. A Mozilla developer forum indicates a similar bug may also be present in Firefox.
The scam technique, which came to light in February, works by abusing the programming interface known as the window.navigator.msSaveOrOpenBlob. By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it's impossible for normal users to see what's happening. Within five to 10 seconds, the browser becomes completely unresponsive. Users are left viewing pages that look like the one above or on the left side of the image, below, both of which were provided in February by antivirus provider Malwarebytes:
The technique effectively freezes a browser immediately after it displays a fake error message reporting some sort of security breach or serious technical mishap. Given the appearance of a serious crash that can't be fixed simply by exiting the site, end users are more likely to be worked into a panic and call a phone number included in the warning. Once called, the scammers—posing as representatives from Microsoft or another legitimate company—then coax the caller into providing a credit card number in return for tech support to fix the non-existent security problem. The scams are often transmitted through malicious advertisements or legitimate sites that have been hacked.
According to a page on Google’s Chromium bug tracker, the underlying bug was fixed with the release of Chrome version 65 in mid February. An update posted last month, however, says the bug resurfaced with the release of Chrome 67 and is actively being exploited. Later updates in the same thread showed that other users were also experiencing browser freezes.
Malwarebytes Lead Malware Intelligence Analyst Jérôme Segura reported on Twitter last month that a similar technique also works against Firefox. He pointed to this Mozilla forum opened in February that gives no indication the bug was ever fixed. Bleeping Computer, which reported the revival of the Chrome freezing bug earlier Tuesday, said reporters used previously released proof-of-concept exploits to test both the Brave and Vivaldi browsers and found they, too, froze. Opera also froze for a short period, according to Bleeping Computer, but they eventually let testers switch out of the malicious tab. The tests showed that Microsoft Edge and Internet Explorer were not affected.
A Google representative said, "We are aware of the issue and are working on addressing it." A Firefox representative said: "We do intend to address this item. We are working towards completion of our Q3 priorities and this is among them. This update will be pushed to nightly for verification of the fix’s efficacy. The bug reporter will automatically be notified of that work in process."
The most important thing to remember when encountering a browser window displaying a tech-support scam message is to not panic and to never call the phone numbers displayed. When all else fails, the browsers can almost always be unlocked by using the Windows Task Manager (control-alt-delete) or the macOS Force Quit feature (Apple menu).
Post updated to add comment from Mozilla.
Listing image by Daniel Gómez / Flickr
reader comments
119