Ransomware Spreads Via Fake ‘Chrome Font Pack’

There is a new malware on the loose, masquerading as an update for Chrome.  If you see a popup or other notice that tells you that you need a font update for Chrome, please ignore it and let us know immediately.

Palo Alto Networks threat intelligence analyst Brad Duncan reported that “Spora”, a powerful new ransomware strain that is able to encrypt files without communicating to a command-and-control server, is using a social engineering attack vector using fake “Chrome Font Pack” pop-ups.

Most ransomware spreads either through spam and email attachments or “malvertising”—fake ads that contain malware or malware links. Spora exploits unpatched vulnerabilities in both browsers and operating systems.

Spora’s evil geniuses have compromised multiple websites and turned the website pages into an unreadable font.  They tell visitors that the “HoeflerText” font is missing from the user’s browser and that they can fix this by downloading the “Chrome Font Pack.”

People then download and install the malicious code by double-clicking the “update.exe” file which kicks off the malicious code. The bad guys even provide help by showing where the victims can find the install file.

The moral of the story is this:  Be vigilant, be aware, and be prepared.   Keep your computer’s browsers updated to the latest versions, and make sure your operating systems are updated with the latest security patches.

And as always, “Think Before You Click”!

Leave a Reply