A Google Chrome bug is allowing is causing a fake pop up message to appear urging users to contact a fake tech support company and pay to fix a computer problem that doesn’t exist.
The tech support scam first appeared earlier this year and was spotted by ant-malware company Malwarebytes in February after a the Chrome 65 update. Some users have reported that the malware scam bug has reappeared in Chrome 67 update. Some users are reporting that the malware is also affecting the Firefox browser.
According to Malwarebytes, scammers are able to abuse an API known as the window.navigator.msSaveOrOpenBlob and cause your computer to download and save a file multiple times until your browser crash. Another form of the Google Chrome bug causes your browser to behave as if it’s frozen, but you’ll receive a pop-up message asking you to call a toll-free number for assistance. The end-goal for the scammers is that the pop-up message will cause some people to panic, then call the toll-free number to have the problem “fixed.”
According to Express.co.uk, when you call the number on the pop-up message, scammers impersonate a Microsoft or some other software company customer service department and try to get your bank details.
Apparently, the Google Chrome bug is causing scammers to inject the malware through malicious advertisements or real sites that may have been hacked.
According to Ars Technica, both Google and Firefox are trying to fix the issue. “We are aware of the issue and are working on addressing it, a Google representative told Ars Technica. “We do intend to address this item. We are working towards completion of our Q3 priorities and this is among them, a Firefox representative said to Ars Technica. “This update will be pushed to nightly for verification of the fix’s efficacy. The bug reporter will automatically be notified of that work in process.”
How to avoid pop-up malware caused by Google Chrome bug
Google and Firefox will likely fix the problem soon but scammers will continue to find a way to exploit a bug and send messages asking you for your personal information.
If you visit a website with intrusive pop-up ads asking you to sign up for something, one of the most important things to remember is to never call any phone number or submit any personal information. Another thing to do is make sure you install a pop-up blocker from an approved developer in the Google Chrome web store. One strategy is to choose an extension with high ratings or is approved by Google.
If you see a message like this and your browser gets stuck, you can open Windows Task Manapressing control-alt-delete-delete at the same time to quit the browser or Force Quit access the macOS Force Quit option in the Apple menu.