Not so long ago misleading “HoeflerText font was not found” ads has been spotted spreading Spora ransomware virus. This social engineering technique was aimed at Google Chrome users. When people entered a crafted website, they received a pop-up window asking to install “Chrome Font Pack” in order to see the content of the site. These notifications looked the same way as original Chrome alerts. Thus, there’s no surprise that many computer users have been tricked. The success of this malware distribution strategy hasn’t left unnoticed. A new wave of HoeflerText scam has been just noticed distributing Panda Banker virus, which is a variant of infamous Zeus banking Trojan. Cyber criminals adopted this social engineering technique and started attacking both Google Chrome and Mozilla Firefox users.
At the beginning of May 2017, a researcher from ProofPoint company, known as Kafeine, tweeted about discovering a new social engineering campaign which distributes dangerous banking trojan. In order to launch a successful attack, cyber criminals need to trick people into visiting a crafted website. Then, users receive a pop-up message informing that “HoeflerText font was not found.” The alert says that site is displayed incorrectly, but users can fix this problem by updating “Mozilla Font Pack.” The message also includes details about manufacturer and version of the browser. Thus, users can get easily tricked into clicking “Update” button.
It’s still unknown how attackers distribute the link to this infected website. Originally Panda Banker has been spread via malicious email attachments. Thus, such link might appear in target’s inbox and convince to click particular link or button. However, malware researchers also suspect that cyber-criminals might use malvertising and exploit kits. Therefore, it’s time to strengthen your computer’s security, update Mozilla and Chrome, and be more vigilant with received emails.