HackDig : Dig high-quality web security articles for hacker

Tech Support Scammers Find New Trick to Hijack Chrome Browsers

2016-08-29 07:40

Tech support scammers have come up with a devilish new trick to fool unsuspecting victims, relying on a cleverly crafted image and Chrome's fullscreen mode.

Their new tactic relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.

When users navigate to this page via Chrome, hidden JavaScript code puts the victim's browser in fullscreen mode. While the browser's top UI toolbar is hidden, including the address bar, crooks load a JPEG image at the top of the page, crafted to look like Chrome's original UI bar.

Unless the user is using some sort of custom Chrome theme, a Chrome version with a different UI, or hovers their mouse near the top of the page, they won't be able to spot the difference.

Scammers will also spoof native Chrome popups

The Malwarebytes team spotted this new devilish trick, and they discovered a second one as well, also targeting Chrome users.

In this one, scammers were creating popups that mimicked the original Chrome alerts that asked users if they wanted to "prevent this page from creating additional dialogs."

Crooks were using these fake popups, but when users ticked the appropriate checkmark, they continued to show more and more alerts.

Scammers were hoping that, when Chrome detected the page of abusing JavaScript alerts and showed the real "Prevent this..." popup, users would distrust it and not tick the checkmark, or press "Ok," giving it free reign to show as many popups as they wanted afterward.

Most scammers go undisturbed

Clever tricks like these show the broad range of techniques that some scammers are willing to deploy in order to trick users into calling their tech support call centers.

And it's not like there are 10-20 tech support sites out there. Each of these crooks usually sets up hundreds of domains.

For example, this scammer discovered by MalwareHunterTeam had registered over 200 domains, which he was using to serve tech support scams for the past four months.

As we've explained in a previous article about phishing sites, it takes about 10 hours for browsers to detect these threats and mark them appropriately. Additionally, some web hosting firms are also to blame because they sometimes take months to respond to reports from security researchers and take down the crook's website.

Fake UI toolbar at the top of a page, embedded as a JPEG image
Fake UI toolbar at the top of a page, embedded as a JPEG image


Source: 517705-sresworb-emorhc-kcajih-ot-kcirt-wen-dnif-sremmacs-troppus-hcet/swen/moc.aideptfos.swen

Read:2707 | Comments:0 | Tags:Advisories

“Tech Support Scammers Find New Trick to Hijack Chrome Browsers”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud