Tech Support Scams are low level when it concerns exploiting a vulnerability. These scammers are mostly interested in proving to the user that something is wrong with the computer system. In order to gain the confidence of the unsuspecting victims, these scammers resort to all sorts of tricks ranging from taking the remote connection and showing these users some arbitrary computer process or event logs to calling up their potential victims and telling them that they have detected some anomaly in the system.
This time it’s a bit different. Tech Support Scammers have utilized a two year old bug affecting Chrome Browser. This bug has been described as “hang bug in history.pushState()” . The google team has classified this bug as a low level DDOS bug, however they are yet to patch this up. You may read more about this bug over here (https://bugs.chromium.org/p/chromium/issues/detail?id=394296) However, due to the loop which gets executed for One Lakh times, it not just affects Chrome Browser, but in our case it also affected Firefox Browser. However, tests with Internet Explorer failed, as Internet explorer successfully redirected.
The Scary Message
The scammers have not just used this bug to prove to the victims that something is really wrong with their system, but have also used IVONA, a text to Speech service to create a voice message “Morning, You might be under online surveillance. Call immediately to solve the issue. ” which is played in “auto loop” as long as the browser is kept open.
Ivona Text to Speech Service
A sneek peek into the code shall revel to us not just the infamous vulnerability but also the Scary Voice message which is being played.
The Voice Message
Scammers may go to any lengths, however, its upto us on how we deal with these situations.
Points to Remember
1: Ensure that you have installed an antivirus and regularly scan your system for detection/mitigation of threats.
2: Driveby downloads, will never advertise the fact that your system has been infected.
3: When you come across a web-site or an advertisement, which states that your system has been infected, ensure that you close the browser, and in case you aren’t able to close the browser then, use Task Manager to close the browser, clean up the browser cache.
Till then Stay Safe.
One Comment
Cynthia
Tech support scams have been around for more than a decade already and they still manage to trick users in availing their service. The irony is that instead of protecting their devices from such threats, they are actually the ones damaging a user’s device.