Partnerstroka scam group makes its move with another Browlock variant

October 5, 2018

A wave of new tech support scams aimed specifically at users of the latest Google Chrome on Windows is spreading. The group responsible is Partnerstroka, a major player when it comes to impersonating tech support representatives and making fools of their victims.

Their threat arsenal has grown with the addition of another browlock campaign, and, depending on the browser the victim is using, the group applies a bit of social engineering to get what it wants.

For example, Microsoft Edge and Firefox users get an endless loop of dialog boxes displaying a prompt such as "Contact Microsoft. Your computer has been infected and its Registry Key is temporarily suspended.", followed by a phone number to call to fix the issue. Needless to say, that number does not belong to Microsoft but to scammers pretending to be Microsoft.

Chrome users have it rougher: the page triggers thousands of simultaneous downloads, which freezes the browser and locks the victim in.

Researchers have identified another browlock campaign by Partnerstroka:

Large numbers of dummy .info domains are being spread through several ads by way of malvertising, via injected ad code.

After clicking one of these ads, the victim is either redirected to a harmless decoy site or forced onto the dangerous browlock site. Those in the latter case are then redirected to .club browlock domains. These domains are tied to dummy email addresses and are registered through GoDaddy's hosting and registrar services.

Once on these .club browlock domains, victims are locked in with the browlock tactics described above, depending on their browser. Partnerstroka even uses a simple line of HTML code to enlarge the victim's mouse pointer, preventing it from reaching the browser's close button. This is paired with disabling keyboard input to block commands such as Alt+F4. Faced with this, victims are likely to panic and pay large sums of money.

Since the number of these browlock domains keeps growing, blacklisting them is not enough as prevention. It is important to have a strong online protection service capable of heuristic analysis that can identify the patterns described above and block potentially unwanted browlock domains.
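To make the heuristic idea concrete, here is an added example (not Partnerstroka's code and not any vendor's detection engine) of a small page scanner that scores HTML/JavaScript against the behaviours described in this article: the endless prompt loop, the Chrome download flood, keyboard suppression, the enlarged cursor trick, an unload trap and the scare wording. The indicator names, weights, the block threshold and the two sample pages are constructed assumptions for illustration; the sample "browlock" page is a fragment built to exercise the scanner, not a working lock screen.

```python
"""Heuristic browlock indicator scanner (added example, not the group's code or any
vendor's engine). Scores a page's HTML/JS against the traits described in the article.
Weights, threshold and sample pages are illustrative assumptions."""
import re
from typing import Dict, List, Tuple

# Each indicator: (name, weight, compiled pattern). Weights are assumed, not measured.
INDICATORS: List[Tuple[str, int, re.Pattern]] = [
    # A for/while loop whose body calls alert/confirm/prompt: the endless-prompt trap.
    ("alert_loop", 4, re.compile(
        r"\b(for|while)\s*\([^)]*\)\s*\{[^}]*\b(alert|confirm|prompt)\s*\(", re.I | re.S)),
    # A loop that sets a download and fires click(): the Chrome download flood.
    ("download_loop", 4, re.compile(
        r"\b(for|while)\s*\([^)]*\)\s*\{[^}]*\.download\b[^}]*\.click\s*\(", re.I | re.S)),
    # A keyboard handler that swallows keystrokes (defeats Alt+F4 and similar).
    ("keyboard_suppression", 3, re.compile(
        r"\b(keydown|keyup|keypress)\b.{0,200}?preventDefault", re.I | re.S)),
    # CSS cursor replaced by an image file (the enlarged-pointer trick).
    ("cursor_image", 2, re.compile(r"cursor\s*:\s*url\(", re.I)),
    # The page tries to intercept navigation away from it.
    ("unload_trap", 2, re.compile(r"\b(?:on)?beforeunload\b", re.I)),
    # Scare wording taken from the prompt quoted in the article.
    ("scare_wording", 2, re.compile(
        r"registry\s+key\s+is\s+temporarily\s+suspended|your\s+computer\s+has\s+been\s+infected",
        re.I)),
    # A toll-free-looking phone number in the page text.
    ("toll_free_number", 1, re.compile(
        r"\b1[-\s.]?8(00|33|44|55|66|77|88)[-\s.]?\d{3}[-\s.]?\d{4}\b")),
]

# Assumed threshold: two strong indicators, or one strong indicator plus context.
BLOCK_THRESHOLD = 6


def scan_page(html: str) -> Dict[str, object]:
    """Return the matched indicator names, the total score and a block/allow verdict."""
    hits = [name for name, _w, pat in INDICATORS if pat.search(html)]
    score = sum(w for name, w, _p in INDICATORS if name in hits)
    return {"hits": hits, "score": score, "block": score >= BLOCK_THRESHOLD}


# Constructed sample page imitating the described traits (fragments only, not a working
# lock screen); the phone number is a fictional 555 number.
SAMPLE_BROWLOCK = """
<html><head><style>body { cursor: url(big_arrow.png), auto; }</style></head>
<body><h1>Contact Microsoft. Your computer has been infected and its Registry Key is
temporarily suspended.</h1><p>Call 1-800-555-0100 now.</p>
<script>
document.addEventListener('keydown', function (e) { e.preventDefault(); });
window.onbeforeunload = function () { return 'Do not leave'; };
while (true) { alert('Contact Microsoft'); }
</script></body></html>
"""

# Constructed benign page: a legitimate download link and a harmless keydown shortcut.
SAMPLE_BENIGN = """
<html><body><h1>Weekly newsletter</h1>
<a href="report.pdf" download>Download the PDF report</a>
<script>document.addEventListener('keydown', function (e) { if (e.key === '/') search(); });</script>
</body></html>
"""

if __name__ == "__main__":
    for label, page in (("browlock", SAMPLE_BROWLOCK), ("benign", SAMPLE_BENIGN)):
        print(label, scan_page(page))
```

The benign sample is there on purpose: a single `download` attribute or a `keydown` listener is normal web behaviour, so the scanner only counts a download inside a loop that also calls `click()`, and a key handler that calls `preventDefault()`. A real deployment would tune the weights against a corpus of known browlock and legitimate pages rather than use the assumed values above.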
