A Google Chrome scam that could infect your computer with malware continues to pose a threat to users, according to cybersecurity experts.
Last month security company Proofpoint warned that hackers can inject script into poorly-protected web pages. The script, which targets the Chrome browser on Windows, rewrites the compromised website on the victim’s browser to make the page unreadable and creates a fake issue for the user to resolve.
A popup, which contains the message “The ‘HoeflerText’ font wasn’t found,” urges users to download an update to their computers. The update, however, is actually a malware download.
“The ‘HoeflerText font not found’ malware lure, which targets Google Chrome users on Windows, continues to make the rounds via compromised WordPress sites,” wrote Tod Beardsley, research director at cybersecurity specialist Rapid7, in a statement emailed to Fox News Wednesday. The attack, he noted, gets a lot of design elements right where other malware lures fail. “The prompt is disguised as a seemingly-legitimate popup sourced from the browser,” he explained.
The malware campaign began on Dec. 10, 2016, according to Proofpoint, which says that the malicious download is a form of ad fraud malware known as Fleercivet.
Proofpoint says that the degree of social engineering involved in the scam is noteworthy. “Actors are exploiting the human factor and are tricking users into loading the malware themselves, this time via selective injects into websites that create the appearance of problems along with the offer of fake solutions,” it explained, in its note sent out last month.
Rapid7 says that hackers are attempting to launch their scam via WordPress sites. “So far, the attacks appear to be limited to compromised WordPress sites — a field that is, unfortunately, rich with targets,” said Tod Beardsley, in the statement. “Chrome users should be aware that legitimate warnings from the Chrome browser will never appear as overlays to a web page. Specifically, Chrome does not offer any functionality for prompting for a missing font download, and all such prompts are sourced from malware or malvertising campaigns.”
Citing data from Proofpoint, Tom’s Guide reports that users of the Chrome browser in Windows in the U.S., U.K, Australia and Canada are being targeted.
Follow James Rogers on Twitter @jamesjrogers