Data Security News Headlines 7th September 2017

  1. Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware

Google Chrome with 2 billion active users is the most used web browser in the world. At the same time, Firefox has over 1 billion active users making these two perfect and lucrative targets for hackers and cyber criminals.  Recently, Brad Duncan, an IT security researcher discovered a campaign called “EITest” targeting unsuspecting Chrome users that end up delivering RAT malware on a targeted Windows device. EITest campaign was first discovered back in 2016 infecting users with ransomware like Mole and Spora by tricking users into downloading “fake Google Chrome missing font” through pop ups on compromised WordPress websites. But since August 2017, the campaign has made some changes as it aims at distributed NetSupport Manager remote access tool (RAT). Once a user visited the compromised site, it comes up with a popup message stating that the website is only viewable in “Hoefler Text” font which can be installed by clicking the “update” tab. As shown in the screenshot below the pop-up states: “The HoeflerText font wasn’t found. The webpage you are trying to load is displayed incorrectly, as it uses the “Hoefler Text” font. To fix the error and display the text, you have to update the “Chome Font Pack.” Once you click on download it starts downloading .exe file n the victim’s computer which installs NetSupport Manager remote access tool (RAT).

Cyber Security Tips:  Users are strongly recommended that avoid installing fonts from browser update notification, beware of adware and keep using reputed antivirus in your system.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: