Firefox Bug and Fake Technical Support Page Scam Overview

 

Fake technical support scammers are exploiting a recently discovered Firefox vulnerability to overload CPUs. Fake tech support scam pages have been common for a considerable amount of time, but over the past year, these scammers have been exploiting web browser vulnerabilities more often. The advantage for the scam artists is that they can design a web page that can be difficult to close potentially causing victims to panic.

Tactics, Techniques, and Procedures

Getting obvious out of the way, these scammers use the basic human emotion of fear to trick users who aren’t paying attention to phish for credentials or other forms of confidential information.

The vulnerability being utilized here has a rather short implementation time from the attacker’s perspective seeing as the proof of concept code (see below) is only a few lines of Javascript. The code renders the Firefox web browser unable to close. Similar code has been deployed previously on multiple browsers, Google Chrome specifically. Implementing such Javascript causes the browser processes to eat up the CPU’s resources resulting in a fully utilized processor.

proof of concept code
Proof of Concept Javascript Code

The only way to close the Firefox browser once this has occurred is to shut down the process using a tool like Task Manager.

Following are software versions affected: Firefox 70.x Stable, 71.x Beta, and 72.x Nightly.

Impact

  • Could result in a social engineering situation where the user calls the phone number on the screen and potentially gives away sensitive information such as user credentials
  • May cause unwanted resource consumption on the affected host.

Recommendation

Consider:

  • Providing user/security training to help employees navigate social engineering scenarios
  • Perform regularly scheduled patch roll-outs to avoid potential exploitation of vulnerabilities on the network
  • Reset user passwords if evidence presents itself that credentials were leaked to unauthorized third parties
  • Use the bug tracking link below to check for the latest patch release

Sources

IBM X-Force Exchange Post: https://exchange.xforce.ibmcloud.com/collection/Firefox-Browser-Lock-Bug-Abused-By-Tech-Support-Scammers-11d3006352e54aeba0f7a809721c7980

Supporting Documentation:

NoteThe Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by our own CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Chat With One of Our Experts




Threat Report firefox bug fake technical support page browser vulnerability vulnerability management Blog