Firefox users should be aware of the HoeflerText scam too
Not so long ago, misleading “HoeflerText font was not found” ads were spotted spreading the Spora ransomware virus. This social engineering technique was aimed at Google Chrome users.[1] When people entered a crafted website, they received a pop-up window asking them to install the “Chrome Font Pack” in order to see the content of the site. These notifications looked the same as original Chrome alerts, so it is no surprise that many computer users were tricked. The success of this malware distribution strategy has not gone unnoticed. A new wave of the HoeflerText scam has just been noticed distributing the Panda Banker virus, which is a variant of the infamous Zeus banking Trojan. Cyber criminals adopted this social engineering technique and started attacking both Google Chrome and Mozilla Firefox users.
At the beginning of May 2017, a researcher from the company ProofPoint, known as Kafeine, tweeted[2] about discovering a new social engineering[3] campaign that distributes a dangerous banking trojan. In order to launch a successful attack, cyber criminals need to trick people into visiting a crafted website. Then, users receive a pop-up message informing them that “HoeflerText font was not found.” The alert says that the site is displayed incorrectly, but that users can fix this problem by updating the “Mozilla Font Pack.” The message also includes details about the manufacturer and version of the browser. Thus, users can easily be tricked into clicking the “Update” button.
What happens then? After the user clicks this dangerous button, a regular download window shows up. It informs the user that they are installing the “Mozilla_Font_v7.87.zip” file. However, this ZIP archive does not include any updates for Mozilla. It hides a malicious “Mozilla_Font_v7.87.js” file. Once the download starts, the malevolent website gives instructions on how to install these updates. As soon as the victim runs the JavaScript file, malware is saved and executed on the computer. From then on, the victim’s privacy, login details, and money are in danger.
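A defender can check downloads for the pattern described above: a ZIP archive that holds a script file named like a browser font pack. The following Python sketch is an added example, not part of the original article; the function names, the extension list and the regular expression are assumptions, and the sample archive is constructed in memory with a harmless placeholder.

```python
import io
import os
import re
import zipfile

# Extensions that Windows runs as scripts on double-click (assumed list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Lure wording from the campaign described above: "<Browser> Font ...".
LURE_RE = re.compile(r"(chrome|mozilla|firefox)[ _-]*font", re.IGNORECASE)


def inspect_download(archive_name, data):
    """Return a list of findings for a downloaded ZIP given as bytes."""
    findings = []
    if LURE_RE.search(archive_name):
        findings.append(f"archive name uses font-update lure: {archive_name}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["not a valid ZIP archive"]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS:
                # A font or browser update never ships as a bare script.
                findings.append(f"script file inside archive: {name}")
                if LURE_RE.search(name):
                    findings.append(f"script named like a font pack: {name}")
    return findings


def build_sample(member, body):
    """Constructed sample: an in-memory ZIP holding one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, body)
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample("Mozilla_Font_v7.87.js", "// constructed placeholder")
    for finding in inspect_download("Mozilla_Font_v7.87.zip", lure):
        print(finding)
```
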
It’s still unknown how attackers distribute the link to this infected website. Originally, Panda Banker was spread via malicious email attachments. Thus, such a link might appear in a target’s inbox, with a message convincing them to click a particular link or button. However, malware researchers also suspect that cyber criminals might use malvertising[4] and exploit kits. Therefore, it’s time to strengthen your computer’s security, update Mozilla and Chrome,[5] and be more vigilant with received emails.
- [1] Mohit Kumar. Beware! Don't Fall For "Font Wasn't Found" Google Chrome Malware Scam. The Hacker News. The website about cyber security and hacking news.
- [2] Tweet by Kafeine. Twitter. The social network.
- [3] Margaret Rouse. Social engineering. TechTarget. Includes tips, webcasts, and other advice in a variety of focused enterprise technology channels.
- [4] Lauren Papagalos. Malvertising – What is it?. SiteLock Blog. The blog about website security news.
- [5] How to Update Your Browser. WikiHow. The website provides instructions on how to do anything.