Security News Tech Support Scammers Find New Trick to Hijack Chrome Browsers

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Tech support scammers have come up with a devilish new trick to fool unsuspecting victims, relying on a cleverly crafted image and Chrome's fullscreen mode.

Their new tactic relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.

When users navigate to this page via Chrome, hidden JavaScript code puts the victim's browser in fullscreen mode. While the browser's top UI toolbar is hidden, including the address bar, crooks load a JPEG image at the top of the page, crafted to look like Chrome's original UI bar.

Unless the user is using some sort of custom Chrome theme, a Chrome version with a different UI, or hovers their mouse near the top of the page, they won't be able to spot the difference.

Scammers will also spoof native Chrome popups
The Malwarebytes team spotted this new devilish trick, and they discovered a second one as well, also targeting Chrome users.
In this one, scammers were creating popups that mimicked the original Chrome alerts that asked users if they wanted to "prevent this page from creating additional dialogs."

Crooks were using these fake popups, but when users ticked the appropriate checkmark, they continued to show more and more alerts.

Scammers were hoping that, when Chrome detected the page of abusing JavaScript alerts and showed the real "Prevent this..." popup, users would distrust it and not tick the checkmark, or press "Ok," giving it free reign to show as many popups as they wanted afterward.

Most scammers go undisturbed
Clever tricks like these show the broad range of techniques that some scammers are willing to deploy in order to trick users into calling their tech support call centers.

And it's not like there are 10-20 tech support sites out there. Each of these crooks usually sets up hundreds of domains.

For example, this scammer discovered by MalwareHunterTeam had registered over 200 domains, which he was using to serve tech support scams for the past four months.

As we've explained in a previous article about phishing sites, it takes about 10 hours for browsers to detect these threats and mark them appropriately. Additionally, some web hosting firms are also to blame because they sometimes take months to respond to reports from security researchers and take down the crook's website.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Thanks for the share, wasn't aware that some webpages could be tricky to escape from.

YPjyhGE.gif
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
How can you prevent this in Chrome I've blocked pop-ups and allow websites to show notifications. Trust no one, your not safe anywhere!
 
  • Like
Reactions: Der.Reisende
H

hjlbx

How can you prevent this in Chrome I've blocked pop-ups and allow websites to show notifications. Trust no one, your not safe anywhere!

Pop-up blocker will not prevent it. In Chrome hidden settings you might be able to permanently disable full screen mode - but you'll have to ask one of the dedicated Chrome users how to do it. @Umbra surely knows how to access the hidden settings.
 
  • Like
Reactions: Der.Reisende
D

Deleted member 178

in Chome tweaks , you have the simplified fullscreen mode set as default; maybe disabling it may block this kind of attack.

type: chrome://flags

then search for: fullscreen then disable it.

Im not sure, if it disable the fullscreen or just use old method for displaying it.
 
  • Like
Reactions: Der.Reisende

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Such a clever technique, which why having siteadvisor or adblocker will save through this because of it can scan deep on possible malicious scripts

HTTPS certificates does not guaranteed safe or legitimate cause anyone can afford as long you have money to do it.
 
  • Like
Reactions: Der.Reisende

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top