Monday, 27 February 2017

Chrome malware masquerades as "missing font" files

New hack tricks users into downloading missing fonts loaded with malicious files
A security researcher has discovered a new hacking tactic on Google Chrome that manipulates websites into displaying missing font prompts, which then trick users into downloading malicious files.

The infection was first spotted on an unnamed WordPress website by Mahmoud Al-Qudsi, a researcher at cybersecurity firm NeoSmart Technologies, who detailed the process in a blog post.

The attack involves a hacker exploiting JavaScript to alter the rendering of content on a webpage, causing it to resemble mis-encoded text which appears as a jumble of symbols and shapes. The code then prompts the user to download the missing fonts through a Chrome language pack to decipher the text.

Clicking "Update" results in a file called "Chrome Font v7.5.1.exe" being downloaded and a second prompt encourages the user to run the file, all the while appearing as a perfectly safe Chrome download.

The attack is particularly well disguised and makes every attempt to appear a legitimate Chrome pop up, including the correct text formatting and right use of colours for the "Update" button.