Windows Chrome users: Tech-support scams try new trick to freeze your browser

Get an ad-blocker if you want to dodge tech-support scammers' latest rapid-download ruse.
Written by Liam Tung, Contributing Writer

Video: How to make Google Chrome faster: Five tips

Tech-support scammers have developed a new trick to freeze browsers on a bogus security alert with a number to a fake support line.

The ultimate goal of the browser freeze is to cause stress to lots of potential victims in the hope some will call the bogus hotline offered in the alert.

Previously, tech-support scams have used pop-under windows, pop-up loops, and other shady techniques that aim to prevent users from closing the bogus security alert page. Scammers frequently use malicious ads to nudge browser users to booby-trapped webpages that freeze the browser.

A new technique found by researchers at Malwarebytes targets the current version of Chrome, 64.0.3282.140, on Windows.

This scam works by instructing the browser to rapidly download thousands of files from the web, which quickly results in Chrome becoming unresponsive and makes it impossible to close tabs or the window by clicking the X button.

Malwarebytes' Jerome Segura said that the booby-trapped pages in this case include code that abuses a web application programming interface for saving files from the web on the browser.

The code is set to download 'blob' objects at half-second intervals, leading to a huge number of concurrent downloads that causes the browser to freeze and a large spike in CPU and memory usage.


The tech-support scam locks up Chrome with rapid downloads.

Image: Malwarebytes

Segura contends that given most of these browser lockers reach users via malvertizing, one effective method of countering the threat is to use an ad-blocker.

Read: Shore up your defenses: Budget extra for an IT audit in 2018

He also notes that people who have landed on one of these pages can escape them by going to the Windows Task Manager and force quitting the offending browser processes.

Chrome is often targeted because of its huge number of users, making it ideal for indiscriminate and widespread attacks that are usually delivered by malicious ads.

Previous and related coverage

Google Chrome: Beware these malicious extensions that record everything you do

Developers of malicious extensions are testing new session-replay technique to record and replay victims' online sessions.

Google Chrome can now spot even brand new phishing pages

Google has rolled out two new tools to combat phishing, and upped Gmail security.

Google: Chrome is backing away from public key pinning, and here's why

Google wrote the HTTP public key pinning standard but now considers the web security measure harmful.

10 tips to help you get the most out of Google Chrome(TechRepublic)

Google Chrome is the most popular US web browser, and has made large gains in the enterprise in recent years. Here are 10 tips for increasing your productivity with the browser.

Chrome will whack website bait-and-switch tactics(CNET)

Starting in 2018, Google's browser will stop website elements that try to send you to a page you didn't expect or want.

Editorial standards