This “Chrome Font Packs” Malware is Affecting Computers

Chrome users may want to stay extra vigilant when browsing the web today as cyber security firm NeoSmart Technologies have discovered a crafty new way that hackers are using to get users to unknowingly install malware onto their computers.

DNSChanger – Malware that targets your routers through web browser

DNSChanger – Malware that targets your routers through web browser

Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers…Read more

First discovered by Mahmoud Al-Qudsi, the attempt relies on using JavaScript to replace normal text with misencoded symbols and gibberish. This “hack” would then prompt the user to update the “Chrome language pack”.

Clicking on the “Update” button would cause the website to download a file called “Chrome Font v7.5.1.exe” which is a malware in disguise. What happens next is pretty straightforward: the user opens the “.exe” file and installs it on their machine, and the machine is now compromised, giving hackers access to it.

hoefler text not foundhoefler text not found

While the entire attack is rather convincing, there are a few glaring flaws that this attack has. The first major flaw is that the dialog box for the attack is hard coded to display version 53 of Chrome, so those who are well aware of the version of Chrome they’re running would immediately sense that something is off.

update textupdate text

On top of that, downloading the “Chrome Font Pack” would cause the Chrome browser to flag the download as “not being downloaded very often”, although Chrome doesn’t actively flag the file as being malicious.

Finally, the entire process of download and executing the file is misrepresented between the accompanying pop-up dialog and the actual process, such as discrepancies in the file’s name, as well as a non-existent UAC prompt.

non existent uac promptnon existent uac prompt

Interestingly enough, this particular malware has managed to evade both Windows Defender and Chrome scans. Furthermore, VirusTotal reveals that the malware itself could potentially be a new creation, considering the fact that only 9 out of 57 antivirus scanners could identify the malware thanks to heuristics.

In the meantime, the best way to prevent your device from being compromised is to avoid running executables from sources that appear shady.

virus totalvirus total
Here’s a Sneak Peak Into How Google Combat Android Malware

Here’s a Sneak Peak Into How Google Combat Android Malware

Verify Apps is one of the features that is available on every Android device that supports Google Play.…Read more



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s