Before we dive into the details, let’s talk about what we’re seeing. We started receiving calls reporting that users were getting notifications in the Windows 10 notification bar that claimed to be from legitimate anti-virus software (Windows Defender, Symantec, or McAfee) and reported that the computer was infected with a virus. The notification prompts the user to click a scan button, which eventually urges the user to contact “support” by phone to have the issue resolved. When the number is called, the scammers answer and talk you through running a basic remote screen-sharing application that gives them access to your desktop and control of your machine. They then bring up the event log and point out non-vital errors as evidence of an infection that only they can help with. Once they’ve convinced you the infection is real, they request bank account or credit card information to pay a fee for clearing up the purported virus. At this point they attempt to drain your bank account while telling you the payment was declined, then ask for another account or credit card that may work, until they have obtained access to as many of your accounts as they can.
What It Looks Like:
Below are some examples of the false notifications.
What’s REALLY Happening (The Good News):
I know this seems crazy, but this is good news! What you’re seeing is the result of a vulnerability recently uncovered in Google Chrome that allows websites to create Windows notifications without obtaining permission from the user. Fortunately, this means your computer DOES NOT have any real infection. The pop-ups are just a social engineering attempt to set up the phone call; they do not drop an infectious payload. Since this has little technical impact on your computer, our technicians are able to remove the pop-ups very quickly so you can get back to your work!
What We are Doing to Protect You:
We are currently writing policies that we can push out to all managed workstations at our clients to disable all Windows notifications from Google Chrome. (NOTE: If you have a legitimate application that you would like to receive notifications from, we can allow it by source address for you. Please reach out to your primary technician or drop us a support ticket.) InfiNet Solutions recommends no longer using Google Chrome as your primary web browser and replacing it with either Microsoft Edge or Brave. If you have questions about that change, please reach out to your primary technician.
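For administrators who want to see what such a policy can look like, the following is an added example and not InfiNet Solutions' own policy. It assumes Chrome's enterprise policy registry location and the `DefaultNotificationsSetting` and `NotificationsAllowedForUrls` policies; the allowed URL is a placeholder, and the function names are made up for this example.

```powershell
# Added example: machine-wide Chrome policy that blocks site notifications by
# default and allows only listed origins. Run from an elevated PowerShell session.
$ChromePolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Set-ChromeNotificationPolicy {
    param(
        # Origins that may still show notifications (placeholder values; use your own).
        [string[]]$AllowedUrls = @()
    )
    if (-not (Test-Path $ChromePolicyKey)) {
        New-Item -Path $ChromePolicyKey -Force | Out-Null
    }
    # DefaultNotificationsSetting: 1 = allow, 2 = block, 3 = ask the user.
    Set-ItemProperty -Path $ChromePolicyKey -Name 'DefaultNotificationsSetting' -Value 2 -Type DWord

    # List policies live in a subkey whose values are named "1", "2", ...
    # Rebuild the subkey so stale allow entries do not survive a policy change.
    $allowKey = Join-Path $ChromePolicyKey 'NotificationsAllowedForUrls'
    if (Test-Path $allowKey) { Remove-Item -Path $allowKey -Recurse -Force }
    if ($AllowedUrls.Count -gt 0) {
        New-Item -Path $allowKey -Force | Out-Null
        $i = 1
        foreach ($url in $AllowedUrls) {
            Set-ItemProperty -Path $allowKey -Name "$i" -Value $url -Type String
            $i++
        }
    }
}

function Get-ChromeNotificationPolicy {
    # Read the policy back so the result can be checked after deployment.
    $props = Get-ItemProperty -Path $ChromePolicyKey -ErrorAction SilentlyContinue
    $allowKey = Join-Path $ChromePolicyKey 'NotificationsAllowedForUrls'
    $allowed = @()
    if (Test-Path $allowKey) {
        $item = Get-Item -Path $allowKey
        $allowed = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }
    [pscustomobject]@{
        BlockedByDefault = ($props.DefaultNotificationsSetting -eq 2)
        AllowedUrls      = $allowed
    }
}

# Constructed sample: block everything except one placeholder intranet origin.
Set-ChromeNotificationPolicy -AllowedUrls @('https://intranet.example.com')
Get-ChromeNotificationPolicy
```

After Chrome restarts, the applied values can be confirmed on the `chrome://policy` page.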
What You Can Do at Home:
These notifications can be blocked through Chrome settings (instructions here); however, it is advised to block Chrome notifications altogether. Google has already released an update to Chrome that remedies the vulnerability, so updating your browser will protect you. Again, our engineers recommend changing your primary browser from Chrome to either Edge or Brave, as they are more security and privacy focused.