That’s Not a Font, That’s a Virus!

NeoSmart Technologies, an internet security firm, recently identified a new and very effective cyber scam that has been targeting Google Chrome users by prompting them to update their Chrome Font Pack, but…

HoeflerText is not a real font – It’s actually malware in font clothing.

Hackers have apparently encoded JavaScript into a poorly secured WordPress website, in order to make the site look unreadable.  It then prompts the user to download Chrome’s new “Font Pack” with “HoeflerText” in order to make the site readable again.

The “Font Pack,” however, is actually Trojan malware that will infect the victim’s computer with Spora ransomware, which is one of the most sophisticated viruses around.  Discovered only a few months ago, at the beginning of the new year, Spora comes complete with active infection channels, advanced encryption codes and state-of-the-art ransom payment methods.

The scam is particularly effective because it appears legitimate, from the Chrome logo down to the font and colors of the dialog window.  However, there are clues:

  • File Name Mismatch.  When the target clicks “Update,” the file that is downloaded is titled “Chrome Font v7.5.1.exe” but the file name on the instructions is called “Chrome_Font.exe” which is suspicious.
  • Chrome Version 53.  The dialog window states that the user is running Chrome v. 53 – it has been coded to say that, regardless of your actual version, so be aware.
  • Standard Security Warning.  Although Chrome has yet to flag this particular software as “malware,” a standard “this file isn’t downloaded often” warning may possibly pop up, depending on your antivirus software.  It was discovered, though, that only 9 antivirals out of 59 total actually identify the malicious file as malware.

Besides being able to identify the above clues, there are other ways to safeguard your computer against this virus:

  • Be Cautious.  Always be wary when downloading any file found on the internet.
  • Keep Antivirus Software Up-To-Date.  Update your software as soon as you notice there are updates to be done, as the software companies are always finding and patching new threats.
  • There are no Chrome Font Packs.   It already comes standard with everything that you need.