Researchers from the security firm Malwarebytes have discovered a new method that tech support scammers use in order to lock the Google Chrome browser. The security firm stated that the attackers are now abusing a programming interface dubbed as the window.navigator.msSaveOrOpenBlob. By taking advantage of this programming interface, hackers can instruct the browser to save a certain file to the hard disk of the computer repeatedly within a very short period of time, resulting in an unresponsive browser. This can be observed by people who were able to close the tab immediately, with the browser displaying a dialog box stating that there are thousands of downloads already in progress. The browser will show a message, informing users that their computers have been blocked by their internet service provider (ISP). The message further claims that they have to immediately call the scammers, which are posing as a legitimate company, at the number provided in the message and that the users should provide personal information to the attackers, including their credit card information, IPS account details, and Facebook account information. The security firm noted that these browser lockers are usually distributed either through malicious advertisements or legitimate websites that have been compromised by the attackers.
Malwarebytes noted that this tactic only works with the Google Chrome browser, and it became popular after the developers of the browser fixed a bug in the HTML5 specification that the scammers abused in order to lock the program. Jérôme Segura, the lead malware intelligence analyst at the security firm, stated that the company's researchers attempted to replicate the technique in both Microsoft Edge and Internet Explorer, although these browsers did not become unresponsive. It was also mentioned by the security firm that while the Google Chrome browser showed a dialogue box stating that the program is unresponsive, it failed to provide an option to close the tab that locked it in the first place.
Should users encounter these malicious advertisements, Malwarebytes them to stay calm and not call the phone numbers that appear on their screens under any circumstances. Instead, they should open the Windows Task Manager in order to force-close the tab responsible for rendering the browser unresponsive.