Tech support scammers have found a crafty new method to hijack Google Chrome browsers and target users, using Chrome's fullscreen mode and a specially designed image.
This clever trick relies on new tech support pages that impersonate the visual style of the official Microsoft website. If users load these pages in Chrome, hidden JavaScript code puts their browsers in fullscreen mode. With both the browser’s address bar and top UI toolbar hidden, the cybercriminals load a JPEG image at the top of the page, which is specially designed to mimic Chrome’s original UI bar.
No user would manage to notice the difference unless they are using a Chrome version with a different UI or a custom browser theme, or their mouse is circling around the top of the page.
This innovative technique and one more, also focusing on Chrome users as targets, were noticed by the Malwarebytes team.
In the second one, crooks were relying on popups that imitate the original Chrome alerts, which ask users if they want to “prevent this page from creating additional dialogs”. Even if the user ticks the right checkmark, the popups don’t stop displaying alerts. On the contrary, they start showing more and more of them.
Crooks were hoping that when Chrome detects the page abusing phony JavaScript alerts and shows the actual “Prevent this page from creating additional dialogs” popup, users would get suspicious and wouldn’t tick the checkmark. Or, in the other case, they would press “OK” and give them permission to display as many popups as they want.
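The traits described above (scripted fullscreen, a JPEG standing in for the toolbar, and Chrome's dialog wording appearing inside page content) can be turned into a simple triage check for analysts reviewing reported pages. This is an added example, not code from Malwarebytes or from the scam pages; the weights, threshold and sample markup are constructed assumptions.

```javascript
// Added triage heuristic, not code from the article. Weights, threshold and
// sample markup are constructed assumptions.
const imgTags = (html) => html.match(/<img\b[^>]*>/gi) || [];

const CHECKS = [
  { id: 'scripted-fullscreen', weight: 2,
    // Standard and vendor-prefixed Fullscreen API calls.
    test: (html) => /\b(?:webkit|moz|ms)?requestFullscreen\s*\(/i.test(html) },
  { id: 'jpeg-pinned-to-top', weight: 2,
    // A JPEG positioned over the top edge, where the real toolbar would be.
    test: (html) => imgTags(html).some((tag) =>
      /src\s*=\s*["'][^"']*\.jpe?g["']/i.test(tag) &&
      /position\s*:\s*(?:fixed|absolute)/i.test(tag) &&
      /\btop\s*:\s*0/i.test(tag)) },
  { id: 'browser-dialog-text-in-page', weight: 3,
    // This wording belongs to Chrome's own dialog, never to page content.
    test: (html) => /prevent this page from creating additional dialogs/i.test(html) },
];

const THRESHOLD = 4; // assumption: one trait alone is not enough to flag

function scorePage(html) {
  const hits = CHECKS.filter((c) => c.test(html));
  const score = hits.reduce((sum, c) => sum + c.weight, 0);
  return { score, hits: hits.map((c) => c.id), suspicious: score >= THRESHOLD };
}

// Constructed sample: all three traits from the article.
const SCAM_LIKE = `<html><body>
<img src="bar.jpg" style="position:fixed;top:0;left:0;width:100%">
<div><input type="checkbox"> Prevent this page from creating additional dialogs</div>
<script>document.documentElement.webkitRequestFullscreen();</script>
</body></html>`;

// Constructed sample: an ordinary video page that offers fullscreen.
const BENIGN = `<html><body>
<video id="v" src="clip.mp4"></video>
<button onclick="document.getElementById('v').requestFullscreen()">Fullscreen</button>
<img src="photo.jpg" alt="holiday">
</body></html>`;

console.log(scorePage(SCAM_LIKE)); // flagged
console.log(scorePage(BENIGN));    // fullscreen alone stays below the threshold
```

The check is static and only reads markup, so it will miss pages that build these elements at runtime; treat a low score as "not yet flagged", not as clean.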
These tricks prove once again how creative scammers can get and how far they are willing to go to make victims call their tech support centers.
What is even worse is that there are simply too many of these support sites, as each of the crooks usually registers hundreds of domains. For instance, MalwareHunterTeam found a scammer with more than 200 domains set up, using them to help tech support scams for months.
As we have said before in a phishing attacks article, web browsers need approximately 10 hours to spot a threat and mark it as dangerous. Moreover, hosts' slow response to security researchers' reports increases the number of such attacks: the slower they answer, the later the crook’s website will be taken down.