Tech Support Scammers Extorting Victims via Screen Lockers

Screen lockers are an advanced form of scareware, looking to swindle people out of their money. They show fake messages to mislead people into believing they have a problem with their computer. Then, they ask them to pay a fee for solving the supposed issue. These malicious programs have become the core of bogus call centers. Involving a tech support agent in the scheme gives hackers a better chance to succeed. He will give you a false explanation about your problem and ask for a fee to have it solved.

One of the pioneers from this type of malware used a fake blue screen of death (BSOD) to startle users. It had the ability to lock their desktops. The scareware we are addressing in this article has similar capabilities. The malicious program was identified as Rogue.TechSupportScam. It starts together with the operating system (OS) and blocks the user’s access to his desktop and all other features.

The developers of the clandestine program have done a good job of making it appear genuine. They have devised it to look like a legitimate Microsoft application. The fake tool starts by conducting supposed updates. It then displays a message, saying your version of Windows has expired or it has been corrupted. The scareware asks the user to enter a valid product key to continue using his copy of the OS.

The insidious program has the ability to retrieve your original product key and your computer’s name. This information may be enough to make some users believe the message is genuine. The scareware uses the official Windows background. It includes a copyright claim and lists an error code.

The screen locker provides a technical support line for inquiries. The number of the fake call center is 1-844-872-8686. If you believe the bogus message, you would have questions to ask. The agent you contact will introduce himself as a certified Microsoft technician. He will say he is aware of the issue and tell you it can be solved. The fee for having your computer unlocked is $250 USD.

The scareware comes with a built-in installer for TeamViewer. To access the panel, you have to use the Ctrl+Shift+T shortcut. TeamViewer is a reliable program, but the cyber criminals have put it to use for malicious purposes.

After doing some thorough testing with the scareware, researcher @TheWack0lian was able to find how to disable it. The Ctrl+Shift+S key combination closes the program. Three product keys were also made public: h7c9-7c67-jb, g6r-qrp6-h2 and yt-mq-6w. It should be noted that the latter keys were only tested on a single version of the screen locker. If the rogue program has other versions, they may not work on them. The key combination is the easiest and only guaranteed way of disabling the scareware.

Screen lockers have now become a thing in malware circles. There has been a sharp increase in their development. Researchers have uncovered dark markets for selling infections of this kind. Scareware programs are distributed just like all other computer infections. You need to be careful with the tools you install to your system. Software bundles are often used to spread viruses. Spam e-mails are another common source for malware. Make sure a message is reliable before following instructions from it.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.