 |
| (pc-Google Images) |
The malware works by replacing text on a page with gibberish and then prompting the user to download an update to the “Chrome Font Pack.” Clicking on the Update button will then download an application installer.
“This attack gets a lot of things right that many others fail at. The premise is actually believable: the text doesn’t render, and it says that is caused by a missing font, which it then prompts you to download and install,” says NeoSmart staffer Mahmoud Al-Qudsi .
“The usage of a clean, well-formatted dialog to present the message with the correct Chrome logo – and, more importantly, – the correct shade of blue for the update button. The shape of the update button seems correct, and the spelling and grammar are definitely good enough to get a pass.”
Al-Qudsi notes the malware includes incorrect Chrome version descriptions and blurred image text that indicate it’s a fake update. What is even worse is that neither Windows Defender nor Chrome recognises this software as malicious and allow users to download it.
