New Move to Hijack Chrome Browsers

Wednesday, August 31, 2016 @ 11:08 AM gHale


There is a new move afoot on the Chrome browser to trick victims into revealing important information.

The new approach used by tech support scammers relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.

RELATED STORIES
DNSSEC Servers Not So Secure
Website Hijacking Uses Old IP
Ancient SAP Hole Affects More Than Thought
Security: Ease the Pain …

When users navigate to this page via Chrome, hidden JavaScript code puts the victim’s browser in fullscreen mode, said researchers at Malwarebytes.

While the browser’s top UI toolbar ends up hidden, including the address bar, attackers load a JPEG image at the top of the page, which looks like Chrome’s original UI bar.

Unless the user is using some sort of custom Chrome theme, a Chrome version with a different UI, or hovers their mouse near the top of the page, they won’t be able to spot the difference.

Malwarebytes discovered the move, along with a second one, also targeting Chrome users, researchers said in a blog post.

In this one, attackers were creating popups that mimicked the original Chrome alerts that asked users if they wanted to “prevent this page from creating additional dialogs.”

Attackers were using these fake popups, but when users ticked the appropriate checkmark, they continued to show more and more alerts.

Attackers were hoping when Chrome detected the page of abusing JavaScript alerts and showed the real “Prevent this…” popup users would distrust it and not tick the checkmark, or press “Ok,” giving it free reign to show as many popups as they wanted afterward.