Threat actors are taking advantage of a vulnerability in the Firefox browser as part of a new tech support scam, a security researcher with Malwarebytes discovered. The flaw, dubbed browlock, makes it possible for code running on a website to lock up a browser tab by displaying numerous login popups. The flaw was found three months ago, but has not been fixed yet.
The tech support scammers are distributing fake Google ads that redirect users to websites running malicious code that will freeze up vulnerable browsers, while displaying a message urging victims to call a Windows support line to resolve the issue. While users can simply use Microsoft Task Manager to close the frozen browser, some people are bound to fall for the scam and call the fake support line, where scammers will be ready to charge them hundreds or even thousands of dollars for fixing nonexistent problems with their computer.
Read more: Tech Support Scammers Are Abusing a New Firefox Browser Lock Bug