Imaginary font message fools the unwary…

There’s a new Google Chrome malware scam making the rounds, one that alerts users to a dangerous situation: the “HoeflerText font” cannot be found. Fortunately, there’s a handy update button in the popup box to help remedy this imaginary problem. Clicking the update button installs a trojan or even the Spora ransomware.

Malware scam works by inserting Java script into websites with vulnerable security flaws

There’s a good reason the HoeflerText font cannot be found…

It works by inserting Java script into websites with vulnerable security flaws, something that you don’t have any way of knowing. All you know is the website you’re trying to access is nothing but gibberish (hence, the font can’t be found) and you click the update, hoping to read the website.

Think of it as being the ‘snipe hunt’ of scams… Snipe hunts are a lot of fun, well, for everyone except the victim. If you’ve never been invited along on one of these late-night (usually alcohol-fuelled) expeditions, it works like this: you bring an unsuspecting friend out into the woods. You give him a giant stick and a sack to put the snipe in, then teach him the very specific and idiotic snipe call. After leaving him to his serious work, you try not to laugh as you record him yelping and flailing his arms, in an attempt to lure an imaginary animal closer. There are bonus points involved if you manage to also frighten him in the darkened forest.

Fortunately, there are a few ways to avoid it. Even if you don’t know that you’re not actually missing your HoeflerText capabilities, TheHackerNews has pinpointed these identifiers:

  • “First of all, the dialog window has been hard-coded to show that you are running Chrome version 53 even if you actually aren’t, which might be a clue that something is not right.”
  • “Secondly, there’s an issue with the filenames: Clicking the ‘Update’ button proceeds to download an executable file titled ‘Chrome Font v7.5.1.exe.’ But this file is not the one shown in the malicious instruction image, which reads ‘Chrome_Font.exe.'”
  • “Chrome browser doesn’t flag the file as malware, but the browser does block it because the file is not downloaded too often, which is a standard warning.”

Remember, Chrome is already complete for operation, meaning there’s no need to fall for an update to add on additional fonts. Even if a future variation on this doesn’t specifically mention “HoeflerText,” if you’re directed to add the “Chrome font pack,” it’s a scam.

Don’t take a chance – download the latest security and anti-malware software now – here on FileHippo.