Hackers have discovered a way to break into websites that have weak security, so they can fool visitors into downloading malware.
Google Chrome users could be lured into downloading malware disguised as a fix for corrupted fonts, according to a recent report.
Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack, Just Don’t Download and Install It. It’s a Trap!
How the malware scam works
Three factors are needed for this scam to be successful:
- Victim is using the Chrome Browser on a Windows machine.
- Victim lives in an English speaking country – The U.S., U.K., Canada and Australia are being targeted.
- Victim is sent to the malicious site through search engine results (You would have to click the link to the site that shows up in a search).
If all of these factors are in place, you could fall victim to this attack.
When you realize the page is unreadable, a fraudulent Chrome message appears. It says that “The ‘HoeflerText’ font wasn’t found,” which is why you can’t read the page. You’re then asked to update the “Chrome Font Pack.”
Warning! Clicking on the Update button on this message will infect your gadget with click-fraud adware.
Hidden ads will be loaded and clicked on automatically. This is how the criminal gets paid, by ripping off legitimate ad networks.
At this time the risk to Chrome users is their gadget is infected with click-fraud adware. However, this scheme could change at a moment’s notice. The hacker could change the malicious link into something worse, like encrypting ransomware.
The best defense is knowing what to look for. If you visit a site and it asks you to download a font update, do NOT do it! It’s always better to be safe than sorry.Share This: