Beware! Don't fall for "Font Wasn't Found" Google Chrome Malware Scam

Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack…

…Just Don't Download and Install It. It's a Trap!

Scammers and hackers are targeting Google Chrome users with this new hacking scam that's incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.


Here's What the Scam is and How it works:

It's a "The 'HoeflerText' font wasn't found" scam.

Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website that had allegedly already been compromised, possibly due to failing to apply timely security updates.

The scam is not a new one to identified by NeoSmart. It has been making rounds since last month.

The hackers are inserting JavaScript into poorly secured, but legitimate websites to modify the text rendering on them, which causes the sites to look all jumbled with mis-encoded text containing symbols and other random characters.

So if Chrome users come across such websites from a search engine result or social media site, the script makes the website unreadable and prompts them to fix the issue by updating their 'Chrome font pack.'

The prompt window says: "The 'HoeflerText' font wasn't found," and you're then asked to update the "Chrome Font Pack." If clicked, it actually installs a malware trojan on your machine.

The scam can also be used to infect victims computer with Spora ransomware -- one of the most well-run ransomware operations, discovered at the start of this year, with active infection channels, advanced crypto, and an advanced ransom payment service.

What makes this scam particularly appealing is that everything about the browser message looks legit, from the type of "missing font" and the dialog window to the Chrome logo and the right shade of blue on the "update" button.


How to identify the Scam?

There are several ways to recognize this scam.

First of all, the dialog window has been hard-coded to show that you are running Chrome version 53 even if you actually aren't, which might be a clue that something is not right.

Secondly, there's an issue with the filenames: Clicking the "Update" button proceeds to download an executable file titled "Chrome Font v7.5.1.exe." But this file is not the one shown in the malicious instruction image, which reads "Chrome_Font.exe."

Even if you fail to identify these clues, you may get a standard warning, saying "this file isn't downloaded often," when you try to download the file.


Chrome Does Not Flag it as Malware

However, what's strange is that the Chrome browser doesn't flag the file as malware, but the browser does block it because the file is not downloaded too often, which is a standard warning.

NeoSmart Technologies has since run the malware through VirusTotal, which revealed that currently only 9 out of 59 anti-virus software in the database accurately identify the file as malware.

So users are always recommended to exercise caution when downloading anything from the Internet onto their computers, to keep your antivirus software up-to-date and do not ever fall for scam asking you to update the Chrome font pack, as it already comes with everything you need.