Browser Locker Downloads and Decodes Itself On the Fly to Avoid Detection

A new browser locker obfuscation technique that lets tech support scams lock their victims' web browsers while completely avoiding detection has been observed in the wild by Malwarebytes' Jérôme Segura.

Browser lockers are a type of malicious attack designed to completely lock the victim's web browser, denying access to the desktop or blocking navigation to other websites.

This allows the bad actors behind them to induce a state of urgency, persuading the victim to call a tech support scam number, to pay a ransom, or to install a maliciously crafted extension that could drop a malware payload.

Unlike many of its brethren, the new browser locker discovered by Segura does not reside in the page designed to bait the victim, obfuscating itself using an ingenious new method instead of the run-of-the-mill Base64...

