Tech support scams happen all the time. They hit closer to home when your browser hits an affected website, locking up your browser behind alert popups and bogus phone numbers promising fixes. Malwarebytes has tracked down a new one that is affecting the Chrome browser for Windows.
The new attack, which affects Chrome version 64.0.3282.140, will tell your browser to immediately begin downloading thousands of files from the web, making the browser unresponsive within seconds. Malwarebytes analyst Jerome Segura said the exploit takes advantage of the Blob and msSaveBlob interface that allows files to be saved locally on your computer. A booby-trapped page triggers the massive number of downloads, spiking CPU and memory usage.
These pages can be reached through what Segura calls malvertising, and can be combated with a standard ad blocker. Also, if the downloads are triggered, users can go to the Windows Task Manager and shut down the browser processes.
Chrome has a restriction on downloads that usually asks users permission to download another file after a first one, but Segura said that the process happens so fast that the popup never occurs:
In our tests both on Windows 7/10, the browser froze before that dialog even came up. The last picture you see with the download prompt asking whether to cancel the downloads or not was triggered by an attempt to close the tab *before* it became unresponsive (which happens within a few seconds only). Otherwise, we did not observe any dialog prompting us to accept/deny the flurry of download attempts.
Windows Defender will soon have an update coming designed to remove scareware style apps, but it is not clear if Defender would catch this before the files would start to download. A fix will likely need to come from Google to patch the hole that allows this to happen.
Source and image: Malwarebytes
9 Comments - Add comment