Home / Tech News / Windows Chrome users: Tech-support scams try new trick to freeze your browser

Windows Chrome users: Tech-support scams try new trick to freeze your browser

screen-shot-2018-02-07-at-13-54-33.png

The tech-support scam locks up Chrome with rapid downloads.


Image: Malwarebytes

Tech-support scammers have developed a new trick to freeze browsers on a bogus security alert with a number to a fake support line.

The ultimate goal of the browser freeze is to cause stress to lots of potential victims in the hope some will call the bogus hotline offered in the alert.

Previously, tech-support scams have used pop-under windows, pop-up loops and other shady techniques that aim to prevent users from closing the bogus security alert page.

Scammers frequently use malicious ads to nudge browser users to booby-trapped webpages that freeze the browser.

A new technique found by researchers at Malwarebytes targets the current version of Chrome, 64.0.3282.140, on Windows.

This scam works by instructing the browser to rapidly download thousands of files from the web, which quickly results in Chrome becoming unresponsive and makes it impossible to close tabs or the window by clicking the X button.

Malwarebytes’ Jerome Segura explains that the booby-trapped pages in this case include code that abuses a web application programming interface for saving files from the web on the browser.

The code is set to download ‘blob’ objects at half-second intervals, leading to a huge number of concurrent downloads that causes the browser to freeze and a large spike in CPU and memory usage.

Segura contends that given most of these browser lockers reach users via malvertizing, one effective method of countering the threat is to use an ad-blocker.

He also notes that people who have landed on one of these pages can escape them by going to the Windows Task Manager and force quitting the offending browser processes.

Chrome is often targeted because of its huge number of users, making it ideal for indiscriminate and widespread attacks that are usually delivered by malicious ads.

Previous and related coverage

Google Chrome: Beware these malicious extensions that record everything you do

Developers of malicious extensions are testing new session-replay technique to record and replay victims’ online sessions.

Google Chrome can now spot even brand new phishing pages

Google has rolled out two new tools to combat phishing, and upped Gmail security.

Google: Chrome is backing away from public key pinning, and here’s why

Google wrote the HTTP public key pinning standard but now considers the web security measure harmful.

About admin

Check Also

lg g7 thinq will have dedicated google assistant button 310x165 - LG G7 ThinQ will have dedicated Google Assistant button

LG G7 ThinQ will have dedicated Google Assistant button

(Image: LG G7 ThinQ/Evleaks) LG’s upcoming G7 ThinQ smartphone will feature a dedicated hardware button …

Leave a Reply

Your email address will not be published. Required fields are marked *