Fake Chrome Font Pack Update Alerts Infecting Visitors with Spora Ransomware

cryogent

Previously, Proofpoint researcher Kafeine discovered this attack chain distributing the Fleercivet Ad Clicking Trojan, but with the popularity and successful revenue generation of ransomware, it is not surprising to see malware distributors testing this type of infection as well. As Spora diverges from most ransomware with the offering of a menu of different payment options, this could allow for a greater volume of payments compared to ransomware that only uses a single large ransom option.

As I am concerned that many people will be tricked by this attack and become infected with Spora, I wanted to provide a description as to how this attack works so people can recognize and avoid it.

How the Chrome Font Pack Update Attack Works
In order to protect yourself from the current EITest Chrome Font Update attack, it is necessary to understand how the attack works. In order to implement this attack chain, the EITest actors first hack legitimate web sites and add JavaScript code to the end of the page. This code will cause the page to look like gibberish and then display a popup alert stating that Chrome needs a "Chrome Font Pack" in order to see the page properly again.

Check out the rest of the article here.

 
