There’s a crafty new way hackers are trying to get inside your computer: By tricking you into installing a fake “missing font.”
The attack was detailed in a recent blog post by Mahmoud Al-Qudsi at Neosmart Technologies, and pretends to be a pop-up on Google Chrome in order to fool the would-be victim into installing malware onto the computer.
But if you know how it looks, it’s possible to watch out for it.
Here’s how it works:
- The victim navigates to a website that, unbeknownst to them, has already been compromised by a hacker. (In this case, it was a WordPress site.)
- Malicious code changes the text on the page so it looks like it’s not loading properly — then displays a pop-up to the user telling them they’re missing the necessary font to view the text.
- This pop-up looks like an official Google Chrome pop-up, and asks them to update their “Chrome Font Pack.”
- If the victim is duped, and clicks update, the file “Chrome_ Font v7.5.2.exe” starts to download.
- Instructions appear telling the victim to run it when it opens.
- If they do that — oops, they have been infected.
Mahmoud Al-Qudsi writes that Google Chrome doesn’t flag the download as being dangerous — although it does warn that “this file isn’t downloaded very often.”
We should also note that although it mimics Google Chrome, the web browser itself isn’t compromised. If you see this it doesn’t mean there’s anything wrong with your app — just the website you’re on. It’s also an Windows .exe file, meaning Mac users are safe this time around. But there’s no reason a similar attack could be used to target macOS users using Chrome, or any other web browser.
Now you know what to look out for. Don’t download files from unknown sites — if in doubt, play it safe.
Get the latest Google stock price here.