A New Twist on Tech Support Scams Pop Ups

Tech support scams are not going anywhere any time soon. Fake pop-ups and bogus 1-800 numbers keep popping up all over the place.

This usually happens while you are browsing the web, or perhaps if you make a typo in a site’s name. This is a classic scare tactic with the goal of tricking you into calling for “tech support”.

Miscreants operating out of boiler rooms will impersonate Microsoft and ask you to pay hundreds of dollars for non-existent. Worse, they may hijack your PC and infect it with malware before running away.

The following screen will probably look familiar:

[Image: fakepage]

In an interesting twist first reported by How-To Geek, one such scammer is trying out a different scare tactic. Rather than direct victims to a phone number, it pushes a piece of software, which appears to be AdwCleaner.

It does so by using an iframe, a rather rudimentary way of prompting for a download.
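One way to flag this pattern when reviewing a saved copy of a suspicious page, as an added example (not code from the original article): it lists every iframe whose source resolves to an executable file. The sample HTML, the URLs, the extension list and the hidden-iframe heuristic are assumptions made for illustration; the article does not show the scam page's markup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import posixpath

# Assumed list of Windows file types that run when opened; extend as needed.
EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".vbs", ".hta"}

# Constructed sample page and URL (not taken from the real scam site).
SAMPLE_URL = "http://scam-page.example/alert.html"
SAMPLE_PAGE = """<html><body>
<h1>WARNING: your computer may be infected</h1>
<iframe src="https://player.example.com/embed/123" width="560" height="315"></iframe>
<iframe SRC="/files/AdwCleaner.EXE?id=42" width="0" height="0"></iframe>
<iframe src="//cdn.example.net/setup.msi" style="display: none"></iframe>
</body></html>"""

class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # the parser lowercases tag and attribute names
            self.iframes.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    # Heuristic (assumption): zero/one pixel size or CSS that hides the frame.
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def find_iframe_downloads(html, page_url):
    """Return one finding per iframe whose src path ends in an executable extension."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "").strip()
        if not src:
            continue
        target = urljoin(page_url, src)  # resolves relative and //host URLs
        ext = posixpath.splitext(urlparse(target).path)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append({
                "url": target, "ext": ext, "hidden": is_hidden(attrs),
                "cross_origin": urlparse(target).netloc != urlparse(page_url).netloc,
            })
    return findings
```

Calling `find_iframe_downloads(SAMPLE_PAGE, SAMPLE_URL)` reports the two executable targets and skips the ordinary video embed.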

The program turns out to be a rip-off of the real AdwCleaner, a completely free removal tool. When run, it will detect fake infections and demand payment in order to remove them:

[Image: fakeapp]

This program is completely bogus and does nothing. In fact, even if you pay for it and enter the license key, you get a message to download the real AdwCleaner (which the crook calls the ‘full version’).

Sadly, many people have fallen for this scam already as shown in this screenshot below. This is sort of a stats/payment dashboard that is actually publicly visible.

[Image: dashboard]

We can see interesting data points such as how many people ran the program, how many converted, etc.

As a rule of thumb, you should only download programs from their official website. It is also a good idea to scan a file before running it. Services such as VirusTotal can provide a second opinion by checking the file against multiple security products.

Malwarebytes Anti-Malware detects and removes this fraudulent piece of software as Trojan.FakeAdwareCleaner.A.

We also provide a manual removal guide in our forum (thanks Pieter Arntz).

[Image: MBAM]

For more information about tech support scams, please visit our scams resource page.

Special thanks to Stefan Dásic for reporting this scam.

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher