We’ve all heard of tech support scammers who pretend to be from Microsoft or Dell. They call unsuspecting PC users and trick them into giving up payment information or installing malware on their device. Now, the scammers have come up with a brand new way to trick users: by using screen lockers that display fake Windows alerts telling users that their copy of Windows is corrupted or expired.
The malware is installed when users download software from the internet. While they think they are downloading something useful, they are really getting a serving of malware on the side. The malware can also be delivered as a seemingly legitimate update from Microsoft.
Once the user restarts their computer, a bogus Windows update screen will appear. Most users will not be able to differentiate between a real and fake update screen because they look nearly identical. After the “updates” are complete, another screen will appear that tells the victim that the license key on their operating system has expired. The malware uses the computer’s actual license key and name in order to appear more legitimate.
A pop-up will show up on the screen, telling the victim to call a support number for help. The computer is essentially locked and unusable, so victims have no choice but to call the number.
Jérôme Segura of Malwarebytes, a security research company, said, “We called the number (1-844-872-8686) provided on the locked screen and after much back and forth, the technician revealed a hidden functionality to this locker. There is a built-in installer for TeamViewer which can be launched by a combination of the Ctrl+Shift+T keys. However, the rogue ‘Microsoft technician’ would not proceed any further until we paid the $250 fee to unlock the computer, which we weren’t going to.”
A security researcher known as @TheWack0lian discovered a keyboard combination that will disable the locker. Simply hitting Ctrl+Shift+S should do the trick. After that, victims will want to take their device to a professional for a full antivirus cleanup.
Segura added, “This increased sophistication means that people can not simply rely on common sense or avoid the typical cold calls from ‘Microsoft’. Now they need to also have their machines protected from these attacks because scammers have already started manufacturing malware tailored for what is essentially plain and simple extortion over the phone.”
The computers of both consumers and businesses need a strong antivirus program installed to protect against threats like these. We recommend installing Bitdefender, an award-winning antivirus program. It’s what we use on our own computers and it’s what we install on our clients’ systems. For more information, call us at (806) 350-8324.