Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware

mcafee com activate : We have seen that social engineering attacks manipulate users over and over again. From phishing emails to harassment attempts: this kind of cyber threats has continued to manipulate users for years. And now a new scam has emerged that uses a fake update in Google Chrome to trick users into downloading and infecting themselves with the infamous Spora ransomware.

The trick is simple. In the first place, attackers insert JavaScript into unsafe but legitimate websites to modify the representation of the text in them. Then, when the victims visit these sites, the script makes the website undecipherable and asks them to solve the problem by updating their “Chrome font package”. In essence, a window appears that shows “The source ‘HoeflerText’ was not found.” And users are asked to update the Chrome Font Pack. And if they click, they are immediately infected with Spora’s effective ransomware, instead of an update for their browser.

So, why is this attack having such an easy success? I do not think so, Hoefler Text is, in fact, a real source, which adds a sense of legitimacy behind the scam. However, the malware has been so successful mainly because of its ability to fly under the radar, as it is not marked as an infection by a variety of security programs.

What is worse is that this is not the first time this happens: the delivery of malware through the EITest redirection doors has been around since at least 2014. In addition, the infected sites and samples change all the time and simply block URLs, domains and IP in the perimeter would only be playing “whack-a-mole”.

In fact, EITest gates are generally used in combination with RIG, Angler and EK Sundown to redirect victims to a number of strains of ransomware, including Spora, CryptoShield, CryptoMix and Cerber, as well as banking Trojans and various other types of malware.

So, how do you protect yourself from this scam? You can change to a browser other than Chrome, but remember that threat actors can adapt tomorrow and include Internet Explorer or Firefox.

Therefore, with this problem that has the potential to persist in more ways than one, here are some tips to stay safe while browsing online:

• Keep your browser, AV and third-party add-ons updated. In this way, if suspicious or unknown updates are received, you can immediately identify them as false.

• Keep your operating system patched. Software vendors fix faults as fast as they can, so be sure to apply all patches as soon as they are available.


mcafee activate

• Stay educated. When you’re on a website, it’s a big red flag if a pop-up appears asking to install or update sources, media players, PDF readers, etc. So, take some time to study the browser rules so that a website sometimes requires additional software to show what you are looking at, you can identify the scam at that moment.