In recent months there has been an uptick in malware attacks on browsers that try to get users to call a phone number, click on links, download files, or even type in their Google login details, as the newest attack tries to do.
Most SHASS users are familiar with the fake virus infection alerts, or the fake Apple or Microsoft Tech Support alerts, that appear in a web browser window and claim that your machine is infected and that you must call a number to have it fixed. All of these attacks have one thing in common: they lock the browser so you can’t do anything except what the bad actors are trying to make you do. The latest one locks the browser and launches it in kiosk mode, where the browser runs full screen without any user interface elements such as address bars, buttons, or menus. The idea behind this attack is to force the user onto a page where users go to reset their Google password.
“Besides opening the browser in kiosk mode and preventing victims from accessing the navigation bar, the malware also disables the Escape and F11 keys. That way, computer users who aren’t that tech-savvy will think the only way to move past the Google screen is to type in their login credentials.
That is obviously not the case, and the browser can easily be circumvented with ALT+TAB, CTRL+ALT+DEL, ALT+F4, and many other keyboard shortcuts. Alternatively, holding down the power button (or unplugging the device, in case it’s a PC) will reset it. All of these alternatives are better than giving away your login credentials to crooks.”
More details of this latest attack can be found here:
THE FIX
-------
What all of these attacks have in common is that killing the browser process, or quitting out of the browser, is the fix. The malware is only loaded once in the browser page and typically does not remain on your machine after the browser process is killed. Just to be safe, it’s always a good idea to run a Sophos AntiVirus scan afterwards to make sure you’re free and clear. If you have Malwarebytes on your machine, it is a good idea to run a quick scan with that program as well.
As with all types of malware attacks, never do what the bad guys want you to do, which is surrender your personal and private information. Never call them, click on anything, download anything, or reset your password on their say-so, especially from a browser that’s obviously been locked by malware.
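For support staff, one way to find a browser that was started in kiosk mode so its process can be killed, as an added example (not part of the original notice). It assumes `ps -eo pid,args` style input and that the browser was launched with its `--kiosk` command-line switch; the function name, browser list and sample listing are constructed for illustration.

```python
import shlex
from urllib.parse import urlparse

# Assumption: executable names of common browsers; extend for your own machines.
BROWSERS = {"chrome", "google-chrome", "chromium", "msedge", "firefox", "brave"}
# --kiosk is the kiosk-mode switch in Chromium-based browsers and Firefox (-kiosk also works there).
KIOSK_FLAGS = {"--kiosk", "-kiosk"}


def find_kiosk_browsers(ps_lines):
    """Return [{pid, browser, url}] for browser processes started in kiosk mode.

    ps_lines: lines in `ps -eo pid,args` format ("<pid> <command line>").
    """
    hits = []
    for line in ps_lines:
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # header line or malformed row
        pid, cmdline = int(parts[0]), parts[1]
        try:
            argv = shlex.split(cmdline)
        except ValueError:
            argv = cmdline.split()  # unbalanced quotes: fall back to whitespace split
        exe = argv[0].rsplit("/", 1)[-1].lower()
        if exe not in BROWSERS:
            continue
        # Chromium child processes (renderer, gpu, ...) carry --type=...; report only the parent.
        if any(a.startswith("--type=") for a in argv[1:]):
            continue
        if not any(a.lower() in KIOSK_FLAGS for a in argv[1:]):
            continue
        url = next((a for a in argv[1:] if urlparse(a).scheme in ("http", "https")), None)
        hits.append({"pid": pid, "browser": exe, "url": url})
    return hits


# Constructed sample process listing (not captured from a real incident).
SAMPLE = [
    "  PID COMMAND",
    " 812 /usr/bin/firefox https://intranet.example.test/",
    "1450 /opt/google/chrome/chrome --kiosk https://login.example.test/reset",
    "1462 /opt/google/chrome/chrome --type=renderer --kiosk",
    "2001 /usr/bin/vim notes-about--kiosk.txt",
]

if __name__ == "__main__":
    for hit in find_kiosk_browsers(SAMPLE):
        print(f"kiosk-mode browser pid={hit['pid']} ({hit['browser']}) url={hit['url']}")
```

A hit is only a lead: legitimate kiosk deployments use the same switch, so check the reported URL before killing the process.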
Please let us know if anyone has any questions!