Cybercriminals, who pretend to be from Microsoft, have found a new method to scam internet users. Through a HTML5 bug Google's Chrome they can freeze the computer after which the a web page is shown to the victim that tries to convince him to call a 'helpdesk'.
The 'helpdesk' is actually run by the scammers and is abused by them to gain access to the computer of victims and/or to make the victim pay for solving non-existing technical issues. The 'tech support scam', as this kind of fraud is known, can be performed in several ways. The scammers can call people at home and claim they are from e.g. Microsoft, show a popup that tries to convince the user they have technical issues and should call a number listed on the popup, or show advertisements on search engines that appear to be of the helpdesk of a computer manufacturer but actually is a phone number run by scammers.
This time the criminals have found a method that abuses a known HTML5 bug in Google Chrome that consumes all memory and CPU cycles from the computer. When the bug, already known to Google since 2014, is exploited, it makes the computer freeze. The actual code that freezes the computer consists of only 7 lines of Javascript code.
When code is run and the computer is frozen, a website is shown that appears to be from Microsoft and which alerts the user that his computer is infected with a Virus.Trojan.worm! 055BCCAC9FEC. The page states that users should 'immediatley' [sic] call a number provided on the webpage for technical support.
"Depending on your computer’s specifications you may or may not be able to launch Task Manager to kill the browser process. Otherwise your system will be brought to its knees and a hard reboot may be the only option left. Whatever you do, please do not call the phone number for support because it is not Microsoft’s but rather a group of scammers waiting to rob you of hundreds of dollars under false pretenses", Jérôme Segura from MalwareBytes writes in a blog.
Malwarebytes also reported the bug again to Google and hopes that now the bug is actively exploited by cybercriminals, it will be fixed soon.
