Wednesday, February 22, 2017
Attackers are always devising new ways to trick victims, and there's a new round of attacks going on as we speak, trying to trick Chrome users into installing malware by telling them there's a font missing.
The technique is quite simple and ingenious: as you visit a legitimate page you risk suddenly see just a bunch of weird symbols instead of letters, followed by a popup - trying to mimic a Chrome dialog box - warning you that some "HoeflerText" font wasn't found, and requesting you to update the Chrome Font Pack.
The dialog even shows the supposed "obsolete" font pack version as well as the new one, and also stating Google as the manufacturer in hopes to gain added credibility. But, no matter how it looks, it's fake, and if you press update, you'll be installing malware on your own computer!
We've already received some reports of people falling for it, some that quickly figured out something fishy was going just because they were using RansomFree and it alerted them for suspicious activity.
Just let your friends and family know that this happening, and that they should simply close the chrome tab should any page request them to "update" whatever it may be.