How does the Chrome hack work?
The malicious script caused text on the website to be replaced with "symbols and rubbish" in place of the content, Al-Qudsi wrote in a blog post. Screenshots show the hacker designed a warning box that appears legitimate, using Chrome's branding and colour scheme.
A message displays: The web page you are trying to load is displayed incorrectly as it uses the "HoeflerText" font. To fix the error and display the text, you have to update the "Chrome Font Pack." It has a blue button that appears real at a glance, labelled "Update."
Al-Qudsi said: "This attack gets a lot of things right that many others fail at. The premise is actually believable: the text doesn't render, and it says that is caused by a missing font (a real font, by the way), which it then prompts you to download and install.
"The usage of a clean, well-formatted dialog to present the message with the correct Chrome logo and the correct shade of blue for the update button. The shape of the update button seems correct, and the spelling and grammar are definitely good enough to get a pass."
Furthermore, the file that downloads if a user clicks update is not recognised by either Windows Defender or Chrome as being a virus. When uploaded to VirusTotal, a service which profiles malware, only nine out of 59 antivirus scanners identify it as dangerous.
What does 'missing font' malware do and how to identify it
If infected, VirusTotal revealed the malware will snoop on files and documents and can be used to inspect core Windows system files.
Image caption: Bug hides in a "font not found" prompt (Mahmoud Al-Qudsi)
Firms that identified the malware successfully included Fortinet, Malwarebytes, CrowdStrike and Symantec.
Luckily for potential victims, there are a number of key warning signs the "update" landing page is a scam. Furthermore, the pop-up box that appears is slightly blurred, which for many internet users is a clear warning sign something is amiss. Also, while Chrome itself doesn't view the file as malware, it should still be blocked by a warning that "this file isn't downloaded very often", Al-Qudsi said.
Additionally, the download file itself does not appear to have an official Google icon, only shattering the illusion further. In any case, the attack clearly represents the abundance of techniques that cybercriminals can use to infect unwitting people online. Typically, such attacks can be designed – and tailored – for every major web browser or operating system, from Mozilla Firefox to Microsoft Edge.
In January this year, a web developer uncovered that several internet browsers, including Google Chrome, could be manipulated to expose users' personal data by exploiting their built-in "autofill" capabilities.