WORST EVER FAKE SUPPORT SCAM
What you need to know to stop getting conned
What’s the threat?
Ransomware is the scariest malware around, and tech-support scams are a growing menace. A new strain of malware combines these two horrors by locking your PC and then offering to help – but only if you pay £170.
So-called ‘tech support locker’ malware, now being examined by experts at Malwarebytes Labs ( www.snipca.com/20785), is essentially ransomware with a smile. Once it infects your PC it lies dormant until you enable it by clicking a phishing trap, such as a fake Adobe Flash update. Next time you restart your computer, the malware locks it, but instead of displaying an aggressive demand for cash, it pretends to be on your side. You’ll see a fake Windows screen (such as the bogus Windows Product Key message in our screenshot) and a box suggesting you ‘Call Support’, followed by a phone number so long it looks more like a Windows licence key.
What should you do?
Don’t dial that number, for a start. Victims report being connected to a ‘technician’ in the US who requests remote access to the infected PC – just like the Guruaid scammers we investigated in Issue 466. In this case, victims are charged $250 (£170) to have their computer unlocked. Malwarebytes Labs found that some infected PCS could be unlocked by typing certain codes under ‘product key’, but most could not.
To ensure you don’t fall into the trap, check your PC now for unusual programs and processes. One strain of this malware is called ‘PC Cleaner TSS’ (TSS stands for ‘tech support scam’). If you find it, follow Malwarebytes’ removal steps ( www.snipca.com/20786).
Be aware that tech-support malware travels like adware – by embedding itself, often invisibly, in the installers of other programs. Only install programs we recommend, and stay alert for unwanted extras in installers.