Roboto Font Condensed install malware on your computer
The message lacks a fake Roboto Condensed font that requires users to update and install it to put malware on your computer.
The new MalwareBreakdown security researcher published an analysis of a new type of SocEng (technical method of breaking into the system) forged EITest HoeflerText. When a user visits the infected site, he / she will see a message saying that the Roboto Condensed font cannot be found and requires the user to download and install this font package to view the page. If installing one of these font packages, the computer will be infected with Trojan poisoning, monitor computer activity and dig mines.
How does the attack through the Roboto Condensed font work?
To perform this type of attack, it is necessary to first hack a website and edit it so that the JavaScript code is added to each page on the website. When the script has been executed, it will make the text on the page be scrawled, looking like it is missing a font. JavaScript will display a dialog box saying that you need to download the font package to continue viewing the page.
Below is an example of this scenario.
Examples of JavaScript snippets are inserted into the web page
Visit this hacked site, you will see the word is distorted and unreadable. However, this scenario does not always work smoothly on hacked pages. For example, in the article of MalwareBreakDown, https://malwarebreakdown.com page displays text with nonsense characters.
Update Roboto Condensed font to continue viewing the page
But on another hacked page, the page still displays normal text.
The text displayed normally on the page has been hacked
If you use Chrome, the font download will be called Chrome Font Pack. If using Mozilla, it will be named Mozilla Font Pack.
Font download notification on Firefox Mozilla
Once you click Update, the script will download the file called chromefp60.exe if you use Chrome or mozillafp60.exe if you use Firefox. At that time, the alert will turn into a save guide and install the downloaded file.
Instructions for executing, installing downloaded files
However, the good news is that the download is not automatic, but the victim must install it manually to be infected. The attacker hopes that by making text distortions and pseudo-warnings from the browser about missing fonts, they can trick users into running the file. Once the file is executed, the malware will be installed on the computer.
Font Roboto Condensed installing Ursnif malicious code, digging and downloading Trojans
According to MalwareBreakDown, the attacker behind Roboto Condensed Font Pack always rotates using different types of malware. Currently, these malware include digging tools for Monero mines, Trojan.Downloaders and Ursnif computer activity tracking malware. Although no good but most dangerous malware is Ursnif.
Ursnif silently runs in the background, while recording whatever you type on the keyboard, what web page you visit or if you copy any text to the clipboard. This can cause sensitive information about commercial transactions, user names - passwords, financial information .
Because an attacker who constantly changes malware types will install them on the user's computer, it will not be surprising if we see extortion in the future.
Chrome Font Pack warning text
The "Roboto Condensed" font was not found.
Những trang web bạn đang thử tải được hiển thị không đúng Hãy sửa lỗi lỗi và hiển thị tiếp, bạn có thể cập nhật "Chrome Font Pack".
Manufacturer: Google Inc. All Rights Reserved.
Current version: Chrome Font Pack 54.0.2785.89
Latest version: Chrome Font Pack 60.0.3112.90
Mozilla Font Pack warning text
The "Roboto Condensed" font was not found.
Những trang web bạn đang thử tải được hiển thị không đúng Hãy sửa lỗi lỗi và hiển thị tiếp, bạn cần cập nhật "Mozilla Font Pack".
Manufacturer: Mozilla Corporation.
Current version: Mozilla Font Pack 53.0.2785.89
Latest version: Mozilla Font Pack 60.0.3112.90
You should read it
- How to install Google Roboto fonts on Windows, Mac and Linux
- Did you know: What is condensed milk made for?
- Signs that your computer is infected with malware
- 5 tips to help detect signs of malware
- Fileless malware - Achilles heel of traditional antivirus software
- The US government network is infected with malware by employees watching adult movies during the hour
- Check Malware malware for computers with Malwarebytes Anti-Malware
- The malware detection is extremely dangerous, unable to destroy even if the operating system is reinstalled and the hard drive is replaced
- Discover a new kind of malicious code that can record the phone call to extort money
- New discovery of the first version of Stuxnet malicious code
- Researchers create malware based on artificial intelligence
- Microsoft: 100% of PCs in Vietnam are infected with malware
Maybe you are interested
What is WannaCry, how to prevent Wanna cry for computers How to insert Textbox in Excel How to recover data encrypted by WannaCry malicious code Instructions for creating chat groups on Facebook 9 'unwritten' principles of Warren Buffett Decode the parachute to a speed of 1.357.6 km / h, surpassing the speed of the Austrian athletes