Missing font hack prompts Chrome users to install malware on their Windows PCs
Malicious hackers have found yet another way to inject extremely rare malware into PCs, using an unusually clever method this time.
The typical methods employed by hackers to deploy malware, include email attachments, infected files on file-sharing sites, and the usual sketchy browser pop-up, offering “free online antivirus scans”.
Fortunately, consumers are beginning to catch up to these tactics, and are becoming savvy enough to avoid them, also thanks to Google Chrome, and Microsoft Edge, promptly blowing the whistle on unsafe websites.
With that in mind, hackers are stepping up their game too, with more sophisticated ways to lure users into their traps.
One such method involves hacking websites created using Wordpress, and similarly easy to hack content management systems.
The hack is pretty simple, yet clever, and it works in two steps: First, the hacker tweaks the compromised website’s CSS (Cascading Style Sheet), which is code that determined the basic look and feel of a website’s HTML, to turn all text invisible.
Next, a pop-up will notify the visitor that a font is missing, which at this point it would seem a rather believable claim, since nothing on the site can be read. The popup is designed to resemble a notification from Google Chrome, but it’s actually a link leading to the download of malware.
Some accounts of widespread occurrences tell of a “Chrome Font v7.5.1.exe” file, as the filename associated with this rare form of malware.
The bad news is that there is little chance your antivirus will be able to detect it, as this virus is extremely new, and possibly leading to some nasty side-effects, including the installation of particularly pernicious ransomware.
At any rate, downloading executables from unknown sources is typically a bad idea, no matter what the download page looks like. By this token it’s always a good idea to take a good look at the address bar on your browser, if you believe a site is trying to download a file on your computer.
Fortunately, modern browsers will ask before downloading anything, especially executables, with a pretty obvious Save As system dialog. Still, it may not always be clear whether or not a file is a threat or not, until it’s being downloaded and scanned, and even then, questions remain, until such time as bad things start happening.
Ready to shop?
PortableOne has the best deals on Windows 10 Pro laptops, featuring the latest hardware-based security features, and full BitLocker encryption to protect your files from prying eyes.