Chrome has remained the eye-candy of cyber-criminals lately and the latest hacking campaign is a clear proof of that. NeoSmart Technologies, a renowned cyber-security firm, has identified the presence of a new hacking campaign using JavaScript to manipulate the text on a compromised WordPress website. This way, the malicious code is disguised and as the victims try to modify the text, the malware gets installed on the computer.
More: Fake Chrome Update Leads to Android Malware Stealing Personal Data
This screenshot shows the hacking tactics of the attackers:
Image Source: NeoSmart
According to their research, Chrome users are mainly being lured to download a missing font. However, this is just a trick and the actual purpose is to get the malware installed on their systems. This campaign was identified by NeoSmart Tech while exploring a WordPress website, which was seemingly compromised as all the text on the site appeared to be mixed-up and then the site’s visitors were prompted to install a missing font to fix the issue. To do this, the victim will have to update the Chrome font pack.
It does seem like a pretty decent trick to lure users into downloading malware primarily because the dialog window that appears to request users for installing the missing font has been designed like the genuine Chrome message window containing the same shade of blue color on the Update button and the logo on one side. However, no ploy can be fool-proof and in this particular case as well there are certain loopholes.
Firstly, the dialog window states that the victim is using Chrome version 53 even if it is not true. Furthermore, when you click on the Update button, it will proceed to ChromeFontv7.5.1.exe, which is an executable file. The name of the file is different from the one mentioned in the dialog box and promised to be downloaded, which is Chrome_Font.exe.
Image Source: NeoSmart
More: Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome
The file has been blocked by Chrome and users are also being warned by the browser as they are being advised to ignore the file completely. On the other hand, a VirusTotal scan has revealed that out of the 59 antivirus scanners, 9 have identified the file as a potentially threatening malware. It must be noted that there is no need to update Chrome’s font pack at all as there is no issue with it and in case you visit a site showing similar update pop up you know what to do. 😎
