The same group behind the Shoppers Stop tech scam campaign is at it again, injecting malicious ad code into thousands of sites and redirecting to a templated warning page. We believe those ad injections came from pirated CMS themes that people typically have to pay to download. The toll-free number, dynamically populated on the page and URL, is what the scammers hope potential victims will dial. The browlock is a spin-off of the Google Chrome Safebrowing warning. The number one vector of traffic to these browser locker pages is advertising.”]
Source: https://blog.malwarebytes.com/threat-analysis/2018/05/tech-scam-lures-thousands/