Google Fixes Chrome 'Evil Cursor' Bug Abused by Tech Support Scam Sites

Google has patched a Chrome bug that was being abused in the wild by tech support scammers to create artificial mouse cursors and lock users inside browser pages by preventing them from closing and leaving browser tabs. From a report: The trick was first spotted in September 2018 by Malwarebytes analyst Jerome Segura. Called an 'evil cursor,' it relied on using a custom image to replace the operating system's standard mouse cursor graphic. A criminal group that Malwarebytes called Partnerstroka operated by switching the standard OS 32-by-32 pixels mouse cursor with one of 128 or 256 pixels in size. A normal cursor would still appear on screen, but in the corner of a bigger transparent bounding box. The 'evil cursor' fix is currently live for Google Canary users, and is scheduled to land in the Chrome 75 stable branch, to be released later this spring.

Read more of this story at Slashdot.