Photo Credit: NeoSmart Technologies
As more and more people get online, malicious activities to hack users personal information is on the rise. A new attack has just come to light that tricks users into installing malicious software, under the disguise of a font pack. It is reportedly affecting Google Chrome users on Windows and Mac both.
The exploit was spotted by NeoSmart Technologies, and it arrives as a pop-up on a few malicious sites. The report claims that this pop-up was seen on an 'unnamed' WordPress site. This pop-up doesn't look fishy, and comes with the original Chrome logo and the same blue colour palette that the browser uses. The text on the site doesn't render, allegedly due to the use of JavaScript to mis-encode text with symbols, and the box informs you that the "font wasn't found" (in this case, HoeflerText), and prompts you to download and install the fake Chrome Font Pack, called 'Chrome Font v7.5.1.exe', right away.
What is even worse is that neither Windows Defender nor Chrome recognises this software as malicious and allow users to download it - the report notes, adding that while it's not in Chrome's Safe Browsing blacklist, the company has been informed about it. Furthermore, the report claims that only nine out of the 59 antivirus scanners in its database correctly identified the file as malware. It is not yet known what damage this malware can do, but we would advise caution before downloading any unknown software.
While the pop-up message is made with much finesse, and doesn't easily give away hints of being fake, we recommend extra caution while downloading software through any such pop-ups on less legitimate sites online. Furthermore, ensure that you have good malware protection on your PC for secure browsing.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.