This screenshot shows the hacking tactics of the attackers:
According to their research, Chrome users are mainly being lured to download a missing font. However, this is just a trick and the actual purpose is to get the malware installed on their systems. This campaign was identified by NeoSmart Tech while exploring a WordPress website, which was seemingly compromised as all the text on the site appeared to be mixed-up and then the site’s visitors were prompted to install a missing font to fix the issue. To do this, the victim will have to update the Chrome font pack.
It does seem like a pretty decent trick to lure users into downloading malware primarily because the dialog window that appears to request users for installing the missing font has been designed like the genuine Chrome message window containing the same shade of blue color on the Update button and the logo on one side. However, no ploy can be fool-proof and in this particular case as well there are certain loopholes.
Firstly, the dialog window states that the victim is using Chrome version 53 even if it is not true. Furthermore, when you click on the Update button, it will proceed to ChromeFontv7.5.1.exe, which is an executable file. The name of the file is different from the one mentioned in the dialog box and promised to be downloaded, which is Chrome_Font.exe.
The file has been blocked by Chrome and users are also being warned by the browser as they are being advised to ignore the file completely. On the other hand, a VirusTotal scan has revealed that out of the 59 antivirus scanners, 9 have identified the file as a potentially threatening malware. It must be noted that there is no need to update Chrome’s font pack at all as there is no issue with it and in case you visit a site showing similar update pop up you know what to do. 😎