Windows tech support scam: Attackers use this Firefox bug to lock up your screen

Scammers find a way to bypass Mozilla's fix for login prompt spam to launch lock screen attacks.

Annoying tech-support scammers have found a new way to lock up Firefox. It's part of a scam to convince victims they need to call a bogus 'Windows support' hotline because their PC has an illegitimate license. If victims don't call within five minutes, the scammers threaten to disable the computer.

The scammers are abusing a bug in Firefox that for years allowed fraudsters to slug users with login prompt spam, presenting victims with incessant 'authentication required' prompts. 

The prompts act as a browser locker because they stop users from leaving or closing the browser. This July, Mozilla issued a fix in Firefox 68 that was meant to prevent the attack.

The fix involved blocking all types of 'authentication required' prompts, including those generated by the site's main domain. 

However, Jérôme Segura, head of Threat Intelligence at Malwarebytes, this week discovered that tech-support scammers have found a bypass for Mozilla's fix, allowing them to use the same tactics to con victims.

He's since filed a bug report with Mozilla, and its developers are working on a fix for a future release of the browser.

But he's also found a second browser lock technique that was reported to Mozilla two years ago and to this day remains unfixed. The tech support scam page, which is still live today, was originally designed to target Chrome, but the issue was fixed in Chrome version 67.

The messaging on the browser lock page is full of falsehoods. Beneath the 'Windows support' number provided, it states:

Do not ignore this important warning
Please stop and do not close the PC
The registry key of your computer is locked. 
Why did we block your computer? 
The Windows registry key is illegal. 
This Windows desktop is using pirated software.
This Windows desktop sends viruses over the Internet. 
This Windows desktop is hacked. 
We block this computer for your safety. 
Please call us within 5 minutes to prevent your computer from being disabled.