Level 52
Content Creator
Malware Hunter
A tech support scam is using a novel technique to hijack the browsing sessions of Google Chrome users.
Browser locking is one such technique that support scams also employ. This technique focuses on redirecting users to "browlock" pages in an attempt to force them to watch videos for the purpose of ad fraud, cause user browsers to seethe with pop-ups that may eventually freeze and crash systems, or prevent victims from clicking away from a warning that their PC is "infected."

In the latter case, the warning often provides a number for "tech support" to resolve the issue, in which fraudsters may attempt to sell "antivirus" software or gain remote access to a user's PC.

One particular tech support scam, dubbed Partnerstroka, has been tracked by antivirus solutions provider Malwarebytes and has now introduced a novel way to hijack browsing sessions.

On Thursday, researchers revealed the details of the attack technique, dubbed "evil cursor." The campaign redirects users to fake pages which contain the new browlock technique, specifically created to work against the latest Google Chrome build, version 69.0.3497.81.