Tech Scammers Exploit "Download Bomb Trick" in Chrome and Other Browsers

The ‘Download Bomb Bug’ that was found in Google Chrome 65 in March 2018 has been again discovered in Google Chrome 67 and it appears that this time it has also affected other browsers like Vivaldi, Opera, Firefox, and Brave. 
The bug starts downloading hundreds of thousands of parallel downloads to freeze a web browser on a single page. Once users web browser is frozen successfully, then scam websites prompt a tech support number to unfreeze their browsers.
According to Bleeping Computer, tech scammers “used the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to initiate thousands of downloads one after the other to freeze Chrome browsers on tech support sites.”
It is being reported that many variations of this trick have been used by tech support scammers to encapsulate users on malicious sites that lure victims into calling a number connected with shady organizations to have their browser unlocked. Meanwhile, hackers on the other end demand a high price in order to unlock the browser.
Google has successfully fixed the bug in Chrome 65, but it has now resurfaced in its latest version i.e. Chrome 67.  The bug was found by an anti-virus provider Malwarebytes, in February reports that Mozilla could be susceptible to it as well.
However, researchers have found that Microsoft Edge and Internet Explorer are unaffected by this bug. 

Leave a Reply