Google Chrome is the current target of a malvertising campaign that aims to trick users into calling a fake tech support line. Tech support scams have become a popular tactic for malware distributors because they prey on a user’s ignorance and fear instead of relying on the overt extortion tactics used by ransomware.
The Google Chrome browser scam uses an exploit in the current version of Chrome to overload the browser and cause a system freeze. The scam works by telling the browser to initiate a loop of hundreds of small file downloads. Because the browser is forced to process each download request, it quickly eats up computer memory and processor power and freezes the active window. To accompany the browser freeze, the attack posts a splash screen informing the user that their system has become infected and that they need to contact Microsoft. Not surprisingly, the tech support number does not belong to Microsoft and instead connects to the scammers, who will happily collect users’ personal information and credit card numbers in order to fix the problem.
Chrome became the prime target for browser-based malware when it overtook Firefox and Internet Explorer as the most popular web browser. While Google has generally been good about policing their own service and preventing malware and exploits, the large user base means any exploit that does make it through will have a large impact.
The Chrome browser scam spreads primarily through malvertising, the act of embedding malware into website advertisements. When a user clicks on an advertisement, instead of arriving on the webpage they expected, they will be sent to a webpage crafted to exploit the browser vulnerability. Because most of these scams rely on advertisements, one of the best preventative measures is a good browser-based ad blocker. While an ad blocker won’t block the malware itself, it will at least prevent a user from clicking on deceptive advertisements and phony links.
Google has yet to comment on the browser API exploit that makes the browser freeze possible. Until an official fix is in place, one thing to remember is that it is possible to bypass the attack. By accessing the Windows Task Manager, it is possible to manually override and close a locked window. Be aware, however, that force-closing the Chrome browser in this manner will result in the loss of any saved data that had been entered in any open browser tabs. Furthermore, when you re-open Chrome, make sure you DO NOT choose the “Restore Previous Session” option, as this will reopen the malware-infected webpage.