Pure curiosity, what's the advantage of this? What am I missing?
The user can't leave the malicious domain, but they also can't interact with the page, because the dialog is in the way. And even if they could, are they really more likely to trust the site after it's made a bunch of random popups appear in a row?
Is it just malice? What does the malicious site gain?
I assume the idea is that on the page visible behind the dialog are instructions to call some number, or open the download, or approve the extension the site wants to install.
Having spent a couple of years working for tech support for a large retail chain, I can confirm that this happens much more often than you might think. Non-technical users are floored the browser locking up, especially if the site starts to do something alarming like play an audio file telling them their computer is infected. If they were lucky and brought it to me in that state, I'd teach them about their task manager and how to close the browser, and warn them about visiting suspicious sites. But if they actually called the number, and in some cases, allowed the scammers to remote into the machine... all bets were off. There was no telling what we would find.
The user can't leave the malicious domain, but they also can't interact with the page, because the dialog is in the way. And even if they could, are they really more likely to trust the site after it's made a bunch of random popups appear in a row?
Is it just malice? What does the malicious site gain?