Fake technical support scammers are exploiting a recently discovered Firefox vulnerability to overload CPUs. Fake tech support scam pages have been common for a considerable amount of time, but over the past year, these scammers have been exploiting web browser vulnerabilities more often. The advantage for the scam artists is that they can design a web page that can be difficult to close potentially causing victims to panic.
Getting obvious out of the way, these scammers use the basic human emotion of fear to trick users who aren’t paying attention to phish for credentials or other forms of confidential information.
The vulnerability being utilized here has a rather short implementation time from the attacker’s perspective seeing as the proof of concept code (see below) is only a few lines of Javascript. The code renders the Firefox web browser unable to close. Similar code has been deployed previously on multiple browsers, Google Chrome specifically. Implementing such Javascript causes the browser processes to eat up the CPU’s resources resulting in a fully utilized processor.
The only way to close the Firefox browser once this has occurred is to shut down the process using a tool like Task Manager.
Following are software versions affected: Firefox 70.x Stable, 71.x Beta, and 72.x Nightly.
Consider:
IBM X-Force Exchange Post: https://exchange.xforce.ibmcloud.com/collection/Firefox-Browser-Lock-Bug-Abused-By-Tech-Support-Scammers-11d3006352e54aeba0f7a809721c7980
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by our own CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.