Beware Of This New Chrome “font wasn’t found” Malware Scam!

Have you accidentally ever got a pop-up telling you to download a missing Chrome font pack.

Don’t ever try to download and install it. It’s a hacking scam.

Attackers are targeting Google Chrome users with this new hacking trick which is easy to fall, promoting users to download a fake Chrome font pack update tricking users into installing malware on their systems.

How The Scam Works:

Security firm NeoSmart Technologies recently identified the malicious campaign while browsing unnamed WordPress website which had been already compromised.

It’s a “The ‘HoeflerText’ font wasn’t found” scam.

Beware Of This New Chrome “font wasn’t found” Malware Scam!

The attacker is inserting malicious JavaScript into poorly secured websites and modifying the text, which makes the website to look like miscoded text containing symbols and other random characters.
So if Chrome user comes across this type of website from search engines or social media platform, the malicious JavaScript makes the website unreadable and popups a window to fix the error by updating their Chrome Font pack.

A pop-up window appears saying “The ‘HoeflerText’ font wasn’t found, please download and update it, if clicked, it actually installs a trojan on the victim system.

Beware Of This New Chrome “font wasn’t found” Malware Scam!

The scam is also used to infect the victim computer with Spora ransomware.

Spora ransomware is one of the most famous ransomware for this type of scam campaign and it has been discovered at the start of this year with a very well-designed ransom payment portal, advanced crypto, and another unique feature of Spora is a real-time chat window where victims can get in contact with ransomware operators.

Identifying Scam.

A user can identify this scam by below methods:

1) It hard-coded to show you that you are running Chrome version 53 even if you are not actually using it, verifying it you will able to know that something is wrong and fishy.

2) The issue with the file name. Clicking update button proceeds to download an executable file named as “Chrome Font v7.5.1.exe.” But the file name is not the one shown in malicious page image which is “Chrome_Font.exe.”

Chrome may give you a standard warning while downloading Chrome Font v7.5.1.exe. even after you fails to recognise it.

Chrome doesn’t flag the file as malware, but the browser does block and gives a standard warning “the file is not downloaded too often”.

Virus total shows only 9 out of 59 antiviruses software identifies the file as a malware, a test done by NeoSmart Technologies.

Beware Of This New Chrome “font wasn’t found” Malware Scam!

Chrome have everything preinstalled, so there is no need for any other font pack and never get fell into this type of scam asking you to update your Chrome font pack.

Users are advised not to download any file which looks suspicious on their systems and keep their antivirus up-to-date.

Stay Safe And Stay Updated With Techposts.net

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here