Firefox Vulnerability and Fake Tech Support Page Scammers

Avertium Threat Report
Share on linkedin
Share on facebook
Share on twitter
Share on reddit
Share on email
Share on print

Firefox Bug and Fake Technical Support Page Scam Overview

Fake technical support scammers are exploiting a recently discovered Firefox vulnerability to overload CPUs. Fake tech support scam pages have been common for a considerable amount of time, but over the past year these scammers have been exploiting web browser vulnerabilities more often. The advantage for the scam artists is that they can design a web page which can be difficult to close potentially causing victims to panic.

Tactics, Techniques and Procedures

Getting the obvious out of the way, these scammers use the basic human emotion of fear to trick users who aren’t paying attention to phish for credentials or other forms of confidential information.

The vulnerability being utilized here has a rather short implementation time from the attacker’s perspective seeing as the proof of concept code (see below) is only a few lines of Javascript. The code renders the Firefox web browser unable to close. Similar code has been deployed previously on multiple browsers, Google Chrome specifically. Implementing such Javascript causes the browser processes to eat up the CPU’s resources resulting in a fully utilized processor.

proof of concept code
Proof of Concept Javascript Code

The only way to close the Firefox browser once this has occurred is to shut down the process using a tool like Task Manager.

Following are software versions affected: Firefox 70.x Stable, 71.x Beta, and 72.x Nightly.

Impact

  • Could result in a social engineering situation where the user calls the phone number on the screen and potentially gives away sensitive information such as user credentials
  • May cause unwanted resource consumption on the affected host.

Recommendation

Consider:

  • Providing user/security training to help employees navigate social engineering scenarios
  • Perform regularly scheduled patch roll-outs to avoid potential exploitation of vulnerabilities on the network
  • Reset user passwords if evidence presents itself that credentials were leaked to unauthorized third parties
  • Use the bug tracking link below to check for the latest patch release

Sources

IBM X-Force Exchange Post: https://exchange.xforce.ibmcloud.com/collection/Firefox-Browser-Lock-Bug-Abused-By-Tech-Support-Scammers-11d3006352e54aeba0f7a809721c7980

Supporting Documentation:

NoteThe Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by our own CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Share this:
Share on linkedin
Share on facebook
Share on twitter
Share on reddit
Share on email
Share on print

We use cookies to personalize your experience. By using our website, you agree to our Privacy Policy.