As If Miners Weren't Enough, Roboto Condensed Attack Now Pushing Crapware

LASER_oneXM

Feb 4, 2016
Since late August, a social engineering, or SocEng, attack called Roboto Condensed has been added to hacked sites, distributing keyloggers, miners, and downloaders. This attack displays an alert to visitors stating that they need to install a Roboto Condensed Font Pack for their browser in order to properly view the site.

If a victim falls for this attack and installs the "update", depending on which malware is currently being distributed, the victim will be infected with the Ursnif keylogger, Miners, or Trojan downloaders. As of Sunday, this attack has also started adding crapware & adware bundles to the mix to further make their victims miserable.


Fake Chrome Update Alert

Fake Firefox Update Alert
InstallCapital Adware Bundles Now Being Pushed on Victims
Let's face it, all malware sucks and no one wants keyloggers, miners, or downloaders on their machines. Yet, there is something about adware that just makes me crazy. Maybe it's because these people act like all the software they distribute is legitimate, aren't afraid of legal repercussions, and are so brazen about it. Regardless of what it is, adware has become so profitable to distribute that even hackers and malware distributors are starting to switch to it.

This is shown in the very detailed article by Malware Breakdown, where the security researcher explains how he discovered that the Roboto Condensed SocEng started adding adware bundles to their attack.


It's not only Adware ...
Unfortunately, adware bundles are only one of the types of malware that are being distributed by the Roboto Condensed attack. This is because the attackers will periodically change what malware is being distributed by the fake font update so that sometimes you may get a miner, keylogger, or other downloading Trojan instead.

So for someone who mistakenly installs the fake update, it is really Russian Roulette when it comes to the type of malware that will be installed.

It goes without saying that if you encounter any web site stating that you need to install an update for your browser, it should be avoided and the file should not be installed. Almost all modern browsers contain built-in mechanisms to check for new updates and prompt you to install them. They will never, though, be in the form of a dialog box or alert being shown from a web site.
 
