Despite Google's best efforts to put an end to tech support scammers, attackers are adopting an age-old method to scam users and lock up their web browsers. Unlike previous attacks, which flooded a user's system with a large number of file requests to crash the browser, the new variant is designed to block any further use of the browser and to initiate a virus download.
According to Malwarebytes, “the flooding technique that abuses the window.navigator.msSaveOrOpenBlob method, which we reported on this blog before, has already been fixed in Google Chrome. What we see here instead is a blend of a previously-exploited HTML5 method known as history.pushState() and the Anchor download technique.”
Users are taken to a fake Microsoft website through malicious links, or are redirected to the scam page via malicious advertising chains. The landing page uses a number of tricks, including restricting mouse and keyboard use and forcing full-screen mode. The page also starts an automated virus download titled “This is a VIRUS. You computer is blocked”.
The downloaded file is an exact copy of the HTML code displayed on the malicious website and cannot harm your system the way a genuine virus or other malware could. It is designed simply to scare users; it is social engineering more than anything else. The developers built it using the jQuery library (jquery-3.3.1.min.js) and a few blocks of JavaScript.
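The "virus" file is just the page's own HTML, so a defender triaging the download (or the page source) can look for the blend of techniques Malwarebytes describes above: history.pushState() abuse, the anchor download technique, forced full-screen and input blocking. The following heuristic scanner is an added example, not code from the article or from Malwarebytes; its regexes, weights and the two sample pages are constructed for illustration and will not catch obfuscated code.

```javascript
// Heuristic triage scanner for suspected "browlock" page source or for the
// downloaded HTML copy described in the article. It flags the combination of
// history.pushState() abuse (trapping the Back button) with the anchor download
// technique (an <a> element given a download name and clicked from script).
// Added example; regexes and sample pages are constructed, not the real scam code.

const INDICATORS = [
  { id: "pushState",      weight: 2, re: /history\.pushState\s*\(/g },
  { id: "anchorDownload", weight: 2, re: /\.download\s*=|setAttribute\s*\(\s*["']download["']/g },
  { id: "forcedClick",    weight: 1, re: /\.click\s*\(\s*\)/g },
  { id: "fullscreen",     weight: 1, re: /requestFullscreen\s*\(/gi },
  { id: "inputBlock",     weight: 1, re: /(?:keydown|keyup|contextmenu|mousedown)["']?\s*,[\s\S]{0,80}?preventDefault\s*\(/g },
];

function scanForBrowlock(html) {
  const hits = {};
  let score = 0;
  for (const ind of INDICATORS) {
    const count = (html.match(ind.re) || []).length; // String.match with /g ignores lastIndex
    if (count > 0) { hits[ind.id] = count; score += ind.weight; }
  }
  // The variant in the article needs BOTH pushState and a forced anchor download;
  // a lone pushState is ordinary single-page-app routing, so it is not enough.
  let verdict = "clean";
  if (hits.pushState && hits.anchorDownload) verdict = "likely-browlock";
  else if (score >= 3) verdict = "suspicious";
  return { verdict, score, hits };
}

// Constructed sample mirroring the described page (not the real scam code).
const SAMPLE_LOCK_PAGE = `
<script>
  for (var i = 0; i < 50; i++) { history.pushState(null, "", location.href); }
  document.addEventListener("keydown", function (e) { e.preventDefault(); });
  document.documentElement.requestFullscreen();
  var a = document.createElement("a");
  a.href = URL.createObjectURL(new Blob([document.documentElement.outerHTML]));
  a.download = "This is a VIRUS. You computer is blocked";
  a.click();
</script>`;

// Constructed benign page: ordinary SPA routing plus a static download link.
const SAMPLE_BENIGN_PAGE = `
<a href="/report.pdf" download="report.pdf">Download report</a>
<script>function navigate(p) { history.pushState({ p }, "", p); render(p); }</script>`;

console.log(scanForBrowlock(SAMPLE_LOCK_PAGE).verdict);   // likely-browlock
console.log(scanForBrowlock(SAMPLE_BENIGN_PAGE).verdict); // clean
```

Run it with Node against a saved copy of a suspicious download; a static `<a download>` attribute in ordinary HTML is deliberately not counted, since only the script-driven form is part of the trick.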
Browsers handle the virus download differently, and it often goes undetected because the developers build it from legitimate features and web standards. The problem can be prevented with proper security software that alerts you to malicious links and downloads before any file is saved.