Malware Alert: Hackers Trick Users into Downloading Fake Google Chrome Font Pack

New Hacker Gimmick: The Release of Fake Google Chrome Font Pack Can Affect You

Malware Alert: Hackers Trick Users into Downloading Fake Google Chrome Font PackGoogle Chrome users have been cautioned to be on the alert for scammers and hackers prompting them to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.

This scam has apparently been making its rounds since January this year. Proofpoint researchers have discovered this, saying only Chrome users on Windows are potential victims.

Moreover, the researchers also claimed that it only affected users from specific countries and only if they navigated to a compromised website using a specific route, such as search engine results.

If Chrome users come across such websites, the script then makes the website unreadable and prompts them to fix the issue by updating their ‘Chrome font pack.’


‘HoeflerText’ Font

The prompt window would say: “The ‘HoeflerText’ font wasn’t found”. With this, there will be a prompt to update the “Chrome Font Pack.” If users clicked on it, it actually installs a malware trojan on your machine.

HoeflerText font wasn't found

The technique relies on attackers compromising websites and adding their own scripts to the site’s source code. Meanwhile, these scripts filter out the incoming traffic and load another malicious script only for Chrome users on Windows.


Destroys Web Page Content

This second script will replace HTML tags with “& # 0,” which ruins the site’s content and displays “�” characters all over the page.

Apparently, the scam can infect victims computer with Spora ransomware. This is one of the most active ransomware operations with live infection channels, crypto, and ransom payment service.

READ ALSO:  Demand for Firewall Expected to See Rapid Growth

To give it legitimacy, the pop-up has Google Chrome’s logo and uses classic button styles. Incredibly, they mirror the official Google Chrome website.

According to some reports, only a very small number of anti-malware apps are detecting this particular attack right now.

This malware was primarily successful due to its ability to fly under the radar. Also, it does not get the recognition as an infection by a variety of security programmes.

Proofpoint says the font update packages that users download via this technique come with the Fleercivet click-fraud malware. This works by navigating to preset URLs and clicking on hidden ads behind the user’s back, earning crooks money.

This same malware was present on underground cybercrime services. There’s one under the name of Simby in early 2015, and Clicool in late 2015 and in 2016.

These ads aim to promote the installation of additional questionable content. This includes web browser toolbars, optimization utilities and other products. Further, when users click on the ads, the adware publisher can generate pay-per-click revenue. Other malicious adware programmes might enter the computer without the user’s knowledge.

Though Chrome doesn’t flag the download as malware, the browser blocks the file with a warning message “this file isn’t downloaded very often”.

This is a standard warning and next time you notice it better skip the download process of the file. The timely reaction could enable you to avoid ransomware infection.

New Hacker Gimmick: The Release of Fake Google Chrome Font Pack Can Affect You


Scammers are Quickly Improving their Techniques to Deceive

Scammers are quickly improving their techniques to deceive users online. Therefore, it always pays to be careful of the sites we visit on the internet, as well as the files we download, and to improve our IT security.

READ ALSO:  Bad Rabbit Wrecks Havoc in Russia

Consult IT professionals for advice if you require any help. You may also contact us at IT Solution for more information.

/ Security

About the Author

IT Solution Singapore

IT Solution Singapore, as an IT Service Provider in Singapore, provides our clients with a one-stop IT Solution for your business from Domain & Web Hosting, Buy SSL Certificates, Website Design, SEO Services, Web Maintenance & Support, Managed Digital Marketing to IT Support, New Office IT Setup and IT Outsourcing Support in Singapore.

error: Content is protected !!