OyaYansa Posted September 4, 2017

Security researcher MalwareBreakdown warns that it has detected a new campaign that uses a false source update message to infect your computer with malware. The attack is aimed at users of Google Chrome and Mozilla Firefox, who reach malicious websites through malvertising, hacked portals or links in spam emails.

According to their report, some compromised pages display an alert indicating that the website cannot be displayed correctly because the Roboto Condensed font is not installed on the computer. In the popup window a link is provided to download this typography, which, depending on the browser being used, is called Chrome Font Pack or Mozilla Font Pack, but in fact what it does is download a virus.

Once the victim clicks the Refresh button, the system downloads a file named chromefp60.exe or mozillafp60.exe. Then another pop-up window shows the steps you need to follow to install the suspected font pack. At the end of the process, the malware infects the computer; depending on the page, it will be a Trojan, the keylogger Ursnif or a miner of Monero.

The investigator explains that this attack can be found on legitimate websites that have been hacked by attackers, who have added the JavaScript code that modifies the site's display and displays the dialog to update the sources. In this way, when the visitor accesses the compromised portal, the script encodes the text so that it is not readable, as you can see above in the image.

Of the three types of malware that this attack installs, the most dangerous is Ursnif, since it clandestinely records everything the user types on the keyboard and sends it to the attacker. In this way, cybercriminals can obtain the bank credentials and the passwords of all the services that the user uses.