Fake tech support scammers have learned to intercept the mouse cursor and prevent the site from being closed.
Scammers posing as tech support have adopted a new attack to intercept the sessions of Chrome browser users. According to a report by specialists at Malwarebytes, the fraud group Partnerstroka intercepts the session with a technique called “evil cursor”.
Through malicious advertising on websites, victims are redirected to fake web pages that “freeze” the browser: users can neither close the tab or window nor go to another site or to the OS desktop (a technique known as browlock).
According to the researchers, the browlock technique used by Partnerstroka is geared towards the latest build of Google Chrome, 69.0.3497.81. In total, the researchers found 16 thousand domains used in this campaign.
To “freeze” the browser, the Partnerstroka scammers intercept the mouse cursor. When a user clicks the button to close the site, the click actually lands in a completely different place, and the site therefore does not close.
The “evil cursor” technique is based on HTML code that decodes the mouse cursor at a low resolution. As the researchers explain, adding a transparent 128x128 pixel turns the mouse cursor into a “big box”. The victim thinks he is clicking at one particular point, but the click does not actually land there. Since the user cannot click at a particular location, he cannot close the site or the browser.
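One way a defender could check a page for the oversized cursor described above. This is an added example, not code from the Malwarebytes report; it assumes the cursor image is set through a CSS `cursor: url(...)` declaration with an embedded base64 PNG. The 32-pixel threshold and all function names are assumptions, and the sample page is constructed.

```javascript
// Added example: flag embedded cursor images far larger than a normal pointer.
const MAX_CURSOR_PX = 32; // assumption: ordinary pointer images are 32x32 or smaller
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Read width/height from the IHDR chunk of a PNG; null if the bytes are not a PNG.
function pngSize(buf) {
  if (buf.length < 24 || !buf.subarray(0, 8).equals(PNG_SIG)) return null;
  if (buf.toString('latin1', 12, 16) !== 'IHDR') return null;
  return { width: buf.readUInt32BE(16), height: buf.readUInt32BE(20) };
}

// Scan HTML/CSS text for cursor: url(data:image/png;base64,...) and report oversized images.
function findOversizedCursors(text, maxPx = MAX_CURSOR_PX) {
  const re = /cursor\s*:\s*url\(\s*["']?data:image\/png;base64,([A-Za-z0-9+/=\s]+?)["']?\s*\)/gi;
  const findings = [];
  for (const m of text.matchAll(re)) {
    const size = pngSize(Buffer.from(m[1].replace(/\s+/g, ''), 'base64'));
    if (size && (size.width > maxPx || size.height > maxPx)) {
      findings.push({ offset: m.index, ...size });
    }
  }
  return findings;
}

// Constructed sample input: PNG signature plus IHDR header only, not a complete image.
function samplePngHeader(width, height) {
  const ihdr = Buffer.alloc(25);       // length(4) + type(4) + data(13) + CRC(4)
  ihdr.writeUInt32BE(13, 0);           // IHDR data length
  ihdr.write('IHDR', 4, 'latin1');
  ihdr.writeUInt32BE(width, 8);
  ihdr.writeUInt32BE(height, 12);
  ihdr.set([8, 6, 0, 0, 0], 16);       // 8-bit RGBA; CRC left as zero (not checked here)
  return Buffer.concat([PNG_SIG, ihdr]).toString('base64');
}

// Constructed page: one 128x128 cursor (flagged) and one 16x16 cursor (ignored).
const samplePage = `<style>
body { cursor: url("data:image/png;base64,${samplePngHeader(128, 128)}"), auto; }
a { cursor: url(data:image/png;base64,${samplePngHeader(16, 16)}), pointer; }
</style>`;
console.log(findOversizedCursors(samplePage));
```

The check reads only the declared dimensions in the image header, so it does not tell whether the image is transparent.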
Other groups are gradually beginning to adopt the technique as well. In addition, it is included in a toolkit for fraud.