Cybercriminals actively exploit browser vulnerabilities and Firefox is not avoided. When a malicious website is opened, the browser is blocked and called broken computer. The website then encourages unsuspecting victims to call fake technical support numbers. ArsTechnica's website highlights interesting threats.
This technique is not new or explicitly dangerous
The attack technology, known as Browlock, threatens internet browsers or exploits some of their weaknesses. As the name suggests, an attacker can use this technique to limit some Internet browser functions and block, for example, opening new tabs or preventing URLs from changing.
In some cases, even the Internet browser cannot be closed or scaled down. From the point of view of an inexperienced user, it seems like the whole computer has been blocked. It is precisely this assumption that cyber attackers, who are responsible for a variety of viruses and web-based extortion fraud with fake technical support, benefit.
Web browser developers do everything to eliminate bugs that lead to similar attacks. However, sometimes, it does not work according to their ideas, as proven by the most recent case.
It seems they did not fix enough mistakes
In July this year, a new version of the Mozilla Firefox 68 web browser was released, bringing many new features and bug fixes. Among these, there are added mechanisms to prevent only attacks such as Browlock. However, the attackers seem to have found a way to avoid this protection.
Researcher Jérôme Segura from Malwarebytes has revealed an active attack campaign with fake technical support. The target is the Mozilla Firefox web browser user, and the attack also works in the latest browser versions – 70.x Stable, 71.x Beta and 72.x Nightly.
Links to dangerous sites spread through unsolicited e-mail messages or through untrustworthy websites. Some users even suspect that they have reached a malicious site through an unnamed ad network link.
They mimic the Microsoft website
Malicious sites are hosted on dubious domains, resembling legitimate Microsoft support sites. Text on the site reports about allegedly unauthorized Windows licenses, virus infections, and even the system was allegedly hacked.
To resolve the alleged problem, you need to call the underlined phone number but under the control of the hacker. They then try to recover the victim's password, credit card number, or force unnecessary paid software.
To emphasize the "seriousness" of the whole situation, a script is displayed on the web that displays an unlimited login window. This trick will block some of your browser.
Examples of fake websites and ways to disable a computer:
Strangely, this attack scheme works according to the ArsTechnica portal not only in Firefox for Windows, but also in the MacOS version. Fake technical support is only intended for Windows users.
But the good news is, Firefox developers are actively working to fix bugs. Other Internet browsers, such as Google Chrome, Microsoft Edge, Opera, and the like, are quite protected from this attack.
The script that is responsible for displaying the login window indefinitely (source: Bleeping Computer)
Don't give the attacker a chance
If you hit a similar robbery site, there's usually nothing to worry about. Be sure not to call the underlined number or contact fake technical support. A blocked browser can scare users who do not understand technically, but the problem can be solved easily. Force browser to close.
To force Firefox to close:
- Press CTRL + SHIFT + ESC
- Open the "Process" tab
- Search for "firefox.exe" and click
- Click "End process" and confirm
- If there are several processes named "firefox.exe" in the list, repeat the process to end all processes
After the browser is successfully closed, the system is fully functional again. Potential problems can arise if you have enabled automatic reverting of previously opened tabs. This means that once you open Firefox, the malicious site will open again, blocking the browser again.
In this case, follow our instructions to force the browser to close. Then disconnect your computer from the Internet and launch your browser. Because the Internet is disconnected, the malicious website doesn't load, and you just need to close the tab with the URL. Finally, connect your computer to the Internet and the problem is resolved.