Firefox users are being targeted by malicious websites that show a fake warning message and then completely lock them out of using the browser.

Scammers have been found actively exploiting a bug in Firefox to trick unsuspecting users into believing that their computers have been hacked. What's more, the attack urges users to call a fraudulent support line within 5 minutes to avoid having their systems disabled.

The poorly worded message, which has all the hallmarks of a scam, reads as follows:

Please cease and don’t shut the PC… The registry key of your laptop is locked. Why did we block your laptop? The Windows registry key is unlawful. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this laptop for your safety.

Mozilla appears to have been aware of the issue for about three months now and is actively working to resolve it. “Basic auth confirmation prompts can be abused for spamming users and stealing focus from the main [browser] window,” reads the description of the bug.

The browser lock (or browlock) exploit, which affects both Windows and macOS versions, works by bombarding users with continuous “authentication required” prompts that prevent them from leaving or closing the browser.

In this case, malicious websites, such as d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html, have been specifically programmed via JavaScript to take advantage of the flaw and spam users with endless popups.
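A defender-side sketch of how the prompt flood described above could be spotted in web proxy logs (an added example, not from the original article or from Mozilla). It assumes a hypothetical five-field log format and that each browser prompt corresponds to an HTTP 401 response carrying a Basic authentication challenge; the hosts, threshold and time window are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format):
# timestamp  client  host  status  WWW-Authenticate scheme ("-" if none)
SAMPLE_LOG = """\
2020-01-01T10:00:00 10.0.0.5 intranet.example 401 Basic
2020-01-01T10:00:12 10.0.0.5 intranet.example 401 Basic
2020-01-01T10:00:25 10.0.0.5 intranet.example 200 -
2020-01-01T10:05:00 10.0.0.7 lock.example 401 Basic
2020-01-01T10:05:01 10.0.0.7 lock.example 401 Basic
2020-01-01T10:05:01 10.0.0.7 lock.example 401 Basic
2020-01-01T10:05:02 10.0.0.7 lock.example 401 Basic
2020-01-01T10:05:03 10.0.0.7 lock.example 401 Basic
2020-01-01T10:05:03 10.0.0.7 lock.example 401 Basic
"""

def find_auth_prompt_floods(log_text, threshold=5, window_seconds=10):
    """Return {(client, host): timestamp} for the first moment a client
    received `threshold` Basic-auth challenges from one host within the
    sliding window. A user mistyping a password produces a few widely
    spaced 401s; a browlock page produces a tight burst."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (client, host) -> challenge times in window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts_raw, client, host, status, scheme = parts
        if status != "401" or scheme.lower() != "basic":
            continue  # only Basic-auth challenges trigger the prompt
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # unparseable timestamp
        times = recent[(client, host)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()  # drop challenges that fell out of the window
        if len(times) >= threshold:
            flagged.setdefault((client, host), ts_raw)
    return flagged

if __name__ == "__main__":
    for (client, host), when in find_auth_prompt_floods(SAMPLE_LOG).items():
        print(f"{when} possible auth-prompt flood: {client} <- {host}")
```
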

It appears that, in at least one instance, the offending website was loaded upon clicking a harmless link, suggesting a type of URL hijacking attack.

To get around the problem, you’ll have to manually terminate the browser process via the Windows Task Manager or use the Force Quit feature in macOS. But there’s a catch: if you’ve turned the restore tabs option on, you’ll be stuck in a perpetual loop, with the only option being to disconnect from the internet before opening the browser again.

It’s worth noting that, starting with Firefox 68 back in July, Mozilla issued a fix for login prompt spam some 12 years after it was reported.

The fact that attackers have already devised an active workaround indicates that bad actors are constantly looking for ways to overcome security defenses built into software to further their goals.
