The ‘HoeflerText’ font wasn’t found? Beware, it’s a trap!
A new malware campaign targets Chrome users
NeoSmart Technologies recently identified a malicious campaign that spreads through legitimate, but compromised, websites:
Today while browsing a (compromised) WordPress site that shall remain unnamed, I came across a very interesting “hack” that was pulled off with a bit more finesse than most of the drive-by-infection attempts.
So if Chrome users come across such websites, the script makes the website unreadable and prompts them to fix the issue by updating their ‘Chrome font pack.’
The prompt window says:
The ‘HoeflerText’ font wasn’t found”
and asks users to download and installs the “Chrome Font Pack”
If installed, the application tries to infect the machine with a malware (supposedly a ransomware):
Indeed, the malware behavior (ex. disabling ShadowCopies), tend to identify it like a ransomware:
For more technical info, please refer to the original article: