Windows Chrome users: Tech-support scams try new trick to freeze your browser

Get an ad-blocker if you want to dodge tech-support scammers' latest rapid-download ruse.

 

Tech-support scammers have developed a new trick to freeze browsers on a bogus security alert with a number to a fake support line.

The ultimate goal of the browser freeze is to cause stress to lots of potential victims in the hope some will call the bogus hotline offered in the alert.

Previously, tech-support scams have used pop-under windows, pop-up loops, and other shady techniques that aim to prevent users from closing the bogus security alert page. Scammers frequently use malicious ads to nudge browser users to booby-trapped webpages that freeze the browser.

A new technique found by researchers at Malwarebytes targets the current version of Chrome, 64.0.3282.140, on Windows.

This scam works by instructing the browser to rapidly download thousands of files from the web, which quickly results in Chrome becoming unresponsive and makes it impossible to close tabs or the window by clicking the X button.

Malwarebytes' Jerome Segura said that the booby-trapped pages in this case include code that abuses a web application programming interface for saving files from the web on the browser.

The code is set to download 'blob' objects at half-second intervals, leading to a huge number of concurrent downloads that causes the browser to freeze and a large spike in CPU and memory usage.

The tech-support scam locks up Chrome with rapid downloads.

Image: Malwarebytes

Segura contends that given most of these browser lockers reach users via malvertizing, one effective method of countering the threat is to use an ad-blocker.

He also notes that people who have landed on one of these pages can escape them by going to the Windows Task Manager and force quitting the offending browser processes.

Chrome is often targeted because of its huge number of users, making it ideal for indiscriminate and widespread attacks that are usually delivered by malicious ads.