Several months ago, Google Chrome users were the target of a vicious malware scam. When visiting a targeted website, an official looking Chrome message popped up indicating:
“The ‘HoeflerText’ font wasn’t found. The web page you are trying to load is displayed incorrectly, as it uses the ‘HoeflerText’ font. To fix the error and display the text, you have to update the ‘Chrome Font Pack’”.
Unaware this wasn’t an official message, users clicked the update button and received additional information regarding how to update their Chrome fonts. Malware developers determined this error message was being used by cyber criminals to spread Spora ransomware, which comes with active infection channels, sophisticated ransom payment service, and advanced crypto. The virus was discovered and a “fix” was defined, but not before thousands of Internet users were infected. Well, the malware attack is back again, only this time, it’s targeting Mozilla Firefox users.
The latest malware campaign, as discovered by Kafeine, a Proofpoint exploit expert, especially targets Mozilla Firefox users who have the banking trojan Zeus Panda. Fortunately, the cyber attackers left some easily recognized evidence behind; they kept the HoeflerText font name the same.
Here’s a little bit about how this attack works:
Once the user’s system has been infected, Zeus Panda is set to automatically launch when the user signs in. The command and control center is then notified to forward information regarding the infected device’s firewall and antivirus information. Panda, the online banking trojan, has targeted banks in North America, Europe, and Brazil. Its target is bitcoin exchanges, online betting accounts, bankers, airline loyalty programs, and online payment providers. If these recent attacks have proven anything, however, it’s that virtually everyone is at risk.
To safeguard yourself against this type of cyber attack, it’s critical that you’re careful about what you download from the Internet. If a window pops up indicating a new version of anything is required, go directly to the developer’s site to ensure authenticity. If no updates are found, contact the developer immediately. Additionally, keep your computer’s antivirus software updated at all times. Cyber criminals are becoming increasingly more advanced in their methods of delivery; it’s up to us to exercise caution and protect ourselves.