26 March 2019

Google fixes Chrome 'evil cursor' bug abused by tech support scam sites

Google has patched a Chrome bug that was currently being abused in the wild by tech support scammers to create artificial mouse cursors and lock users inside browser pages by preventing them from closing and leaving browser tabs.

The trick was first document back in 2010, but only recently entered the arsenal of tech support scammers --in September 2018, when it was spotted by Malwarebytes analyst Jerome Segura. Called an "evil cursor," it relied on using a custom image to replace the operating system's standard mouse cursor graphic.

A criminal group that Malwarebytes called Partnerstroka operated by switching the standard OS 32-by-32 pixels mouse cursor with one of 128 or 256 pixels in size.

A normal cursor would still appear on screen, but in the corner of a bigger transparent bounding box.

The trick was that users would think they'd be clicking where the cursor would appear, but they would actually click in another area of the screen, preventing them from closing popups and browser tabs due to inaccurate clicks.

The "evil cursor" fix is currently live for Google Canary users, and is scheduled to land in the Chrome 75 stable branch, to be released later this spring. FYI: Chrome is currently at v73.

No comments:

Post a Comment