If you see the above message – “The HoeflerText font wasn’t found” – it is a lie. If you click on the “Update” button and run the executable named “Chrome_font.exe” or “Chrome Font v7.5.1.exe”, you will install malware on your computer, most likely ransomware that could take down your entire company.
It’s a scary world.
To run this exploit, the bad guys find legitimate websites that have weak security, which allows the bad guys to inject a bit of JavaScript to run their malware.
This attack is aimed at Chrome users. When you use Chrome and click on a link to the perfectly legitimate site from a Google search or a Facebook post, the page is displayed but all the text is replaced with unreadable symbols and random characters. As shown above, a window appears with a notice saying that your browser needs to be updated with a missing “Chrome Font Pack.” There are no giveaways that make it easy to tell it’s phony. It looks like a notice from Google. It has the right layout, it has legitimate looking technical details, it even uses the right color for the Update button.
It would be incredibly easy to fall for this scam. The security companies were reportedly not flagging the download as a virus for the first couple of days. And the bad guys are used to that timeline. They don’t expect more than a couple of days leeway to distribute malware or send out virus messages or set up phony websites. By the time the antivirus programs are updated, the bad guys have moved on to something else.
Take this as a warning: be suspicious of everything. Bad guys will try to fool you in email messages, on the phone, and on the web. Read the Rules for Computer and Online Safety and be paranoid whenever anything unexpected or unfamiliar happens. We live in an open and interconnected world. The bad guys understand that deeply and are exploiting it in creative ways. Be careful out there!