Tech-Support Scams Adopt Advanced Obfuscation Techniques
In recent months, the NJCCIC has reported on several tech-support scams, including those masquerading as Microsoft, Facebook, and McAfee support teams. Tech-support scams continue to impact residents and employees throughout the State and across the country. This month, authorities raided 16 fake tech-support centers and arrested approximately three dozen people in two Indian suburbs, while last month, Delhi police arrested 24 people in raids on 10 call centers. These scammers conned thousands of victims, most of whom were American or Canadian.

In these scams, criminals pose as tech-support staff from legitimate companies via phone calls, spam emails, or pop-ups on malicious or compromised websites. The criminals then attempt to extort money from victims by claiming there is malware or other undesired files on their computers and threatening fines or other legal ramifications unless a fee is paid to the scammer.

To evade detection by anti-virus/anti-malware software, scammers are increasing the complexity of their techniques by obfuscating the scripts used to display the fraudulent notifications to potential victims. Scammers have been observed hiding malicious code through Base64 encoding, creating custom obfuscation routines, and using AES encryption. For more details on the obfuscation methods, please review the BleepingComputer post.

The NJCCIC recommends never installing remote access software onto systems at the request of an unsolicited phone call or pop-up message on your computer. If you have installed remote access software onto your system at the request of these or other malicious actors, we recommend isolating the affected system(s) from the network, uninstalling the software immediately, and performing a full system scan using a reputable and up-to-date anti-virus/anti-malware solution.
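For defenders triaging a suspicious page, the Base64 and AES layers mentioned above leave static traces that can be flagged without running the script. The following is an added example, not code from the NJCCIC or the BleepingComputer post; the marker lists, the 40-character threshold, the `CryptoJS.AES.decrypt` and `crypto.subtle.decrypt` call names (the advisory does not name a library), and the sample inputs are all assumptions constructed for illustration.

```javascript
// Added illustration: static triage of page script for the obfuscation layers
// named in the advisory. Marker lists and thresholds are assumptions.
const B64_LITERAL = /["'`]([A-Za-z0-9+/]{40,}={0,2})["'`]/g;
const SCRIPT_MARKERS = /<script|<iframe|document\.write|eval\(|atob\(|window\.location/i;
const AES_CALL = /CryptoJS\.AES\.decrypt|crypto\.subtle\.decrypt/;
const EXEC_SINK = /\beval\s*\(|\bnew Function\s*\(|document\.write\s*\(/;

// Decode Base64 and return the text only if it is mostly printable ASCII.
function decodePrintable(b64) {
  if (b64.length % 4 !== 0) return null;
  const text = Buffer.from(b64, "base64").toString("latin1");
  const printable = text.replace(/[^\x09\x0a\x0d\x20-\x7e]/g, "").length;
  return text.length > 0 && printable / text.length > 0.95 ? text : null;
}

// Follow nested Base64 layers, up to maxDepth, looking for script markers.
function scanScript(source, depth = 0, maxDepth = 3) {
  const findings = [];
  if (AES_CALL.test(source)) findings.push({ type: "aes-decrypt-call", depth });
  if (EXEC_SINK.test(source)) findings.push({ type: "dynamic-exec-sink", depth });
  for (const m of source.matchAll(B64_LITERAL)) {
    const decoded = decodePrintable(m[1]);
    if (decoded === null) { // binary after decoding: consistent with ciphertext
      findings.push({ type: "opaque-blob", depth, length: m[1].length });
      continue;
    }
    if (SCRIPT_MARKERS.test(decoded)) findings.push({ type: "base64-hidden-script", depth: depth + 1 });
    if (depth + 1 < maxDepth) findings.push(...scanScript(decoded, depth + 1, maxDepth));
  }
  return findings;
}

// Constructed samples: a harmless stand-in wrapped in two Base64 layers, and
// an AES-style call carrying a binary blob. Neither is taken from a real scam page.
const inner = 'document.write("<div>constructed fake alert</div>")';
const layer1 = `eval(atob("${Buffer.from(inner).toString("base64")}"))`;
const SAMPLE = `var p = "${Buffer.from(layer1).toString("base64")}"; eval(atob(p));`;
const AES_SAMPLE = `var d = CryptoJS.AES.decrypt("${Buffer.alloc(48, 0x9c).toString("base64")}", k);`;

console.log(scanScript(SAMPLE), scanScript(AES_SAMPLE));
```

Findings are triage signals rather than verdicts: legitimate pages also embed Base64 data, so a hit marks a script for closer review.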