There’s a few new dangerous characters out there in the ransomware underworld. Literally, dangerous characters, or dangerous fonts, to be exact.
Here’s how it works. Somehow you wind up on a site with illegible content that puts up a box saying “The ‘HoeflerText’ font wasn’t found, click to update the Chrome font pack”. Guess what? Don’t do it. It’s a scam!
NeoSmart Technologies ran into the malware while browsing a compromised WordPress site (WordPress is a popular website building tool that, like most others, require timely security updates). It seems this scam first appeared last month. Hackers are modifying the site’s text to look all jumbled up with symbols and other random characters.
If you somehow land on one of these websites from a search engine or social media site, and you get the dialog box that says, “The ‘HoeflerText’ font wasn’t found, update the Chrome Font Pack” – one click on “Update” and it installs malware on your machine. One variant will install the new Spora ransomware, just discovered at the start of this year. You do NOT want to get that.
Like every other scam, it looks legit, really looks like the problem is that a font is missing, the dialog window has the Chrome logo and just the right shade of blue on the “update” button. But looks aren’t everything. You can also recognize this scam from these details: the dialog window shows that you are running “Chrome version 53” even if you’re not. Don’t do this but, clicking the “Update” button downloads “Chrome Font v7.5.1.exe.” But this file is not the one shown in the box, which reads “Chrome_Font.exe.”
Thankfully, although Chrome does not flag it as malware the browser does block it (albeit with the option to continue) because the file is not downloaded too often, which is a standard Chrome warning.
As of this writing only 9 out of 59 anti-virus products identify the file as malware.
You don’t ever have to update the Chrome font pack, as Chrome already comes with it, with all the fonts you’ll ever need pre-installed.