Firefox Vulnerability and Fake Tech support page scammers
November 26, 2019
Firefox Bug and Fake Technical Support Page Scam Overview
Fake technical support scammers are exploiting a recently discovered Firefox vulnerability to overload CPUs. Fake tech support scam pages have been common for a considerable amount of time, but over the past year, these scammers have been exploiting web browser vulnerabilities more often. The advantage for the scam artists is that they can design a web page that can be difficult to close potentially causing victims to panic.
Tactics, Techniques, and Procedures
Getting obvious out of the way, these scammers use the basic human emotion of fear to trick users who aren’t paying attention to phish for credentials or other forms of confidential information.
The vulnerability being utilized here has a rather short implementation time from the attacker’s perspective seeing as the proof of concept code (see below) is only a few lines of Javascript. The code renders the Firefox web browser unable to close. Similar code has been deployed previously on multiple browsers, Google Chrome specifically. Implementing such Javascript causes the browser processes to eat up the CPU’s resources resulting in a fully utilized processor.
Proof of Concept Javascript Code
The only way to close the Firefox browser once this has occurred is to shut down the process using a tool like Task Manager.
Following are software versions affected: Firefox 70.x Stable, 71.x Beta, and 72.x Nightly.
Impact
Could result in a social engineering situation where the user calls the phone number on the screen and potentially gives away sensitive information such as user credentials
May cause unwanted resource consumption on the affected host.
Recommendation
Consider:
Providing user/security training to help employees navigate social engineering scenarios
Perform regularly scheduled patch roll-outs to avoid potential exploitation of vulnerabilities on the network
Reset user passwords if evidence presents itself that credentials were leaked to unauthorized third parties
Use the bug tracking link below to check for the latest patch release
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by our own CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.