Some of the most effective online attacks rely on social engineering as much as clever coding. Scammers have started exploiting a bug in Firefox that causes the browser to lock up, pushing users to call a phone number for support. Mozilla is reportedly working on a fix for this issue, but users with less technical knowledge may be unable to get rid of the locked page even after restarting the browser.
This attack is, at its heart, a classic tech support scam. The new wrinkle here is the scam page uses the Firefox bug to make it impossible to ignore. When a user lands on the boobytrapped page while using Firefox, the browser shows a login box that cannot be dismissed. Attempting to close the browser also doesn’t work.
Below the popup, the fraudsters display a message in broken English that reads:
Please stop and do not close the PC… The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.
If the victim calls the phone number on the page, they’ll connect with a person claiming to be with Microsoft tech support. However, that’s a scammer who will attempt to trick them into paying money for some product or service they don’t need — in this case, a non-existent Windows license. The only way to close the browser once it’s been locked is to end the process (both Windows and macOS). If you have the misfortune of running Firefox with tab restore enabled, the offending page will just come back the next time you open the browser. In that case, you’d need to disconnect from the network or reset the browser preferences to free yourself.
Unfortunately, many people won’t have enough technical knowledge to clear a browser lock like this, and the odd behavior will convince more users that there is something genuinely wrong, and maybe they ought to call that mysterious number.
Mozilla developers have stated they’re working on a fix that will rollout soon. For now, it’s a good idea to disable tab restore to speed recovery in case you run into a page exploiting this bug.