A Google Chrome scam that could infect your computer with malware continues to pose a threat to users, according to cybersecurity experts.
Last month security company Proofpoint warned that hackers can inject script into poorly-protected web pages. The script, which targets the Chrome browser on Windows, rewrites the compromised website on the victim’s browser to make the page unreadable and creates a fake issue for the user to resolve.
A popup, which contains the message “The ‘HoeflerText’ font wasn’t found,” urges users to download an update to their computers. The update, however, is actually a malware download.
“The ‘HoeflerText font not found’ malware lure, which targets Google Chrome users on Windows, continues to make the rounds via compromised WordPress sites,” Tod Beardsley, research director at cybersecurity specialist Rapid7, wrote in a statement emailed to Fox News on Wednesday. The attack, he noted, gets a lot of design elements right where other malware lures fail. “The prompt is disguised as a seemingly-legitimate popup sourced from the browser,” he explained.
The malware campaign began on Dec. 10, 2016, according to Proofpoint, which says that the malicious download is a form of ad fraud malware known as Fleercivet.
Proofpoint says the degree of social engineering involved in the scam is noteworthy. “Actors are exploiting the
human factor and are tricking users into loading the malware themselves, this time via selective injects into websites that create the appearance of problems along with the offer of fake solutions,” it explained, in its note sent out last month.
Rapid7 says hackers are attempting to launch their scam via WordPress sites.
“So far, the attacks appear to be limited to compromised WordPress sites — a field that is, unfortunately, rich with targets,” Tod Beardsley said in the statement. “Chrome users should be aware that legitimate warnings from the Chrome browser will never appear as overlays to a web page. Specifically, Chrome does not offer any functionality for prompting for a missing font download, and all such prompts are sourced from malware or malvertising campaigns.”
Citing data from Proofpoint, Tom’s Guide reports that users of the Chrome browser in Windows in the U.S., U.K, Australia and Canada are being targeted.