Fake Support, Real Screen Locker Malware

Here’s another instance where ransomware and tech support scams overlap. Jérôme Segura, for Malwarebytes, describes how scammers have moved on from ‘bogus browser locks and fake AV alerts‘ to real screen lockers. In particular, he describes an example of malware shared by @TheWack0lian that passes itself off as a Windows update. However, during the ‘update’ it effectively locks the computer, ostensibly due to an ‘invalid licence key’, forcing the victim to call a ‘support line’.

The article – Tech Support Scammers Get Serious With Screen Lockers – includes a keyboard combination that might disable the locker, and some hardcoded ‘key’ values that might also work. However, it’s likely that there are already variants out there that use different ‘keys’, and if there aren’t, there almost certainly will be.

Commentary by David Bisson for Graham Cluley’s blog is also worth reading: New tech support scams mimic ransomware, lock users’ computers –Beware if you’re asked to pay $250 for a product key to unlock your PC.

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.