Malicious ads and booby-trapped Web pages are using an application programming interface (API) to freeze users' Chrome web browser, the cybersecurity firm Malwarebytes reported yesterday. The scam offers victims a "fix" in the form of a notification to call a fake tech-support service and pay for help.
The tech-support scam abusing this API is one of an increasing number of fake browser alerts spotted in the wild over the past few months, Malwarebytes analyst Jérôme Segura wrote in a blog post. Such tactics are aimed at scaring users into paying hundreds of dollars to unlock their frozen browsers.
While browser-makers have been working to improve defenses, Segura said, scammers have continued to look for new ways to exploit weaknesses in the software. This latest malware targets Windows users browsing with Google Chrome, currently the most widely used browser, although other techniques are being used against other browsers as well.
"[T]his is yet another example of the desire for threat actors to deploy new social engineering schemes," Segura wrote.
Step One: Don't Panic
Users who encounter the Chrome-targeting fake alert will see an alert window pop up warning that their device has been infected by malware. The alert also provides a toll-free number that purports to be for Microsoft support, but instead connects victims to a scam service.
The malware works by launching several functions in succession, taking advantage of the Chrome browser's ability to save files locally.
"It happens too fast to see how it works, but you may be able to spot it with a powerful enough machine and if you try to close the tab early on," Segura wrote. "That code triggers a very large number of downloads in rapid fire, which causes the browser to become unresponsive within a few seconds, and unable to be closed via normal means."
Users who encounter such malware lockers should be careful not to panic, and shouldn't call the offered number for "support," Segura said. Instead, they can force the browser to quit using Windows Task Manager. Ad blockers can also help prevent such attacks, he said.
'A Highly Profitable Business'
"Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance," Segura wrote in another post about such malware in December.
"From a technical standpoint, browser lockers are on the low side of the scale compared to malware such as ransomware," he continued. "However, they benefit from great distribution channels via malvertising, guaranteeing that millions of people are affected by them. Consider that scammers charge an average of $400 per victim, and you soon realize that this is a highly-profitable business."
Windows 10 users can force quit by pressing Control + Alt + Delete or Control + Shift + Escape. This opens up the option to launch the Task Manager, select the unresponsive application, and then click "End task."