Tech Support Scam Malware Fakes the Blue Screen of Death

The infamous Blue Screen of Death (BSOD) is one of the most-dreaded sights for Windows users. Adding insult to injury, a new malware is making the rounds that fakes a BSOD, and then tries to swindle victims into paying for tech support tools.

According to Malwarebytes, the malware, appropriately dubbed Troubleshooter, announces itself with a faux BSOD that appears to lock out the user. Then, a “troubleshooting wizard” pops up, masquerading as a Windows utility. It detects “issues” on the PC, and then recommends that the victim pony up $25 via PayPal to buy a package called Windows Defender Essentials to take care of them.

The malware disables shortcut keys, so that users can’t close the pop-up windows. It also takes a screenshot of the user’s desktop and sends it to a remote IP address.

Malwarebytes said that it’s spreading via a cracked software installer that loads various files, including the malware. Troubleshooter then registers itself as a Windows service.

If a victim pays the $25, they are redirected to a “thank you” webpage and the malware is terminated. However, users can also fix the problem for free by rebooting the PC into Safe Mode and then removing the file.

Tech support scams have been around for a decade or so. As the FTC points out, they come in many forms: “Some scammers call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Other scammers send pop-up messages that warn about computer problems. They say they’ve detected viruses or other malware on your computer. They claim to be tech support and will ask you to give them remote access to your computer. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary—or even harmful—services.”

Those experiencing unexpected pop-ups, calls, spam email or other urgent messages about problems with their computers should take care not to click on any links, call any provided numbers or send any money.

Source: Information Security Magazine