Security News Tech Support Scammers Find New Trick to Hijack Chrome Browsers

[Exterminator]

Tech support scammers have come up with a devilish new trick to fool unsuspecting victims, relying on a cleverly crafted image and Chrome's fullscreen mode.

Their new tactic relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.

When users navigate to this page via Chrome, hidden JavaScript code puts the victim's browser in fullscreen mode. While the browser's top UI toolbar is hidden, including the address bar, crooks load a JPEG image at the top of the page, crafted to look like Chrome's original UI bar.

Unless the user is using some sort of custom Chrome theme, a Chrome version with a different UI, or hovers their mouse near the top of the page, they won't be able to spot the difference.

Scammers will also spoof native Chrome popups
The Malwarebytes team spotted this new devilish trick, and they discovered a second one as well, also targeting Chrome users.

In this one, scammers were creating popups that mimicked the original Chrome alerts that asked users if they wanted to "prevent this page from creating additional dialogs."

Crooks were using these fake popups, but when users ticked the appropriate checkmark, they continued to show more and more alerts.

Scammers were hoping that, when Chrome detected the page of abusing JavaScript alerts and showed the real "Prevent this..." popup, users would distrust it and not tick the checkmark, or press "Ok," giving it free reign to show as many popups as they wanted afterward.

Most scammers go undisturbed
Clever tricks like these show the broad range of techniques that some scammers are willing to deploy in order to trick users into calling their tech support call centers.

And it's not like there are 10-20 tech support sites out there. Each of these crooks usually sets up hundreds of domains.

For example, this scammer discovered by MalwareHunterTeam had registered over 200 domains, which he was using to serve tech support scams for the past four months.

As we've explained in a previous article about phishing sites, it takes about 10 hours for browsers to detect these threats and mark them appropriately. Additionally, some web hosting firms are also to blame because they sometimes take months to respond to reports from security researchers and take down the crook's website.

 

[Ink]

Thanks for the share, wasn't aware that some webpages could be tricky to escape from.

 

[frogboy]

Again i am happy i have never used Chrome browser.

 

[exCode]

I had one of these once, and it was a pain in the ass. I eventually just CTRL+ALT+DELETEd out of there and ended that task.

 

[hjlbx]

The technique can be applied to any browser...

 

[Tony Cole]

How can you prevent this in Chrome I've blocked pop-ups and allow websites to show notifications. Trust no one, your not safe anywhere!

 

[hjlbx]

How can you prevent this in Chrome I've blocked pop-ups and allow websites to show notifications. Trust no one, your not safe anywhere!

Pop-up blocker will not prevent it. In Chrome hidden settings you might be able to permanently disable full screen mode - but you'll have to ask one of the dedicated Chrome users how to do it. @Umbra surely knows how to access the hidden settings.

 

[Deleted member 178]

in Chome tweaks , you have the simplified fullscreen mode set as default; maybe disabling it may block this kind of attack.

type: chrome://flags

then search for: fullscreen then disable it.

Im not sure, if it disable the fullscreen or just use old method for displaying it.

 

[jamescv7]

Such a clever technique, which why having siteadvisor or adblocker will save through this because of it can scan deep on possible malicious scripts

HTTPS certificates does not guaranteed safe or legitimate cause anyone can afford as long you have money to do it.