This "Chrome Font Packs" Malware is Affecting Computers
Chrome users may want to stay extra vigilant when browsing the web today as cyber security firm NeoSmart Technologies have discovered a crafty new way that hackers are using to get users to unknowingly install malware onto their computers.
DNSChanger – Malware that targets your routers through web browser
Malware that targets computers are rather common but malware that targets routers are a completely different thing. Researchers…Read more
Clicking on the “Update” button would cause the website to download a file called “Chrome Font v7.5.1.exe” which is a malware in disguise. What happens next is pretty straightforward: the user opens the “.exe” file and installs it on their machine, and the machine is now compromised, giving hackers access to it.
While the entire attack is rather convincing, there are a few glaring flaws that this attack has. The first major flaw is that the dialog box for the attack is hard coded to display version 53 of Chrome, so those who are well aware of the version of Chrome they’re running would immediately sense that something is off.
On top of that, downloading the “Chrome Font Pack” would cause the Chrome browser to flag the download as “not being downloaded very often”, although Chrome doesn’t actively flag the file as being malicious.
Finally, the entire process of download and executing the file is misrepresented between the accompanying pop-up dialog and the actual process, such as discrepancies in the file’s name, as well as a non-existent UAC prompt.
Interestingly enough, this particular malware has managed to evade both Windows Defender and Chrome scans. Furthermore, VirusTotal reveals that the malware itself could potentially be a new creation, considering the fact that only 9 out of 57 antivirus scanners could identify the malware thanks to heuristics.
In the meantime, the best way to prevent your device from being compromised is to avoid running executables from sources that appear shady.