Tech support scams are not going anywhere any time soon. The number of fake pop ups and bogus 1-800 numbers keep popping all over the place.
This usually happens while you are browsing the web, or perhaps if you make a typo in a site’s name. This is a classic scare tactic with the goal of tricking you into calling for “tech support”.
Miscreants operating out of boiler rooms will impersonate Microsoft and ask you to pay hundreds of dollars for non-existent. Worse, they may hijack your PC and infect it with malware before running away.
The following screen will probably look familiar:
In an interesting twist first reported by How-To Geek, one such scammer is trying out a different scare tactic. Rather than direct victims to a phone number, it pushes a piece of software, which appears to be AdwCleaner.
It does so by using an iframe, a rather rudimentary way of prompting for a download.
<iframe src=”../get_file.php?owner=me” height=”1″ width=”1″>
The program turns out to be a rip-off of the real AdwCleaner, a completely free removal tool. When ran, it will detect fake infections and demand payment in order to remove them:
This program is completely bogus and does nothing. In fact, even if you pay for it and enter the license key, you get a message to download the real AdwCleaner (which the crook calls the ‘full version’)
Sadly, many people have fallen for this scam already as shown in this screenshot below. This is sort of a stats/payment dashboard that is actually publicly visible.
We can see interesting data points such as how many people ran the program, how many converted, etc.
As a rule of thumb, you should only download programs from their official website. It is also a good idea to scan a file before running it. Services such as VirusTotal can provide a second opinion by checking the file against multiple security products.
Malwarebytes Anti-Malware detects and removes this fraudulent piece of software as Trojan.FakeAdwareCleaner.A.
We also provide a manual removal guide in our forum (thanks Pieter Arntz).
For more information about tech support scams, please visit our scams resource page.
Special thanks to Stefan Dásic for reporting this scam.
COMMENTS
Pingback: Fake Adblocker Bylekh is an LSP Hijacker | Malwarebytes Unpacked()