Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with RansomwareFebruary 24, 2017 – 8:57 PM
We’ve seen social engineering attacks manipulate users time and time again. From phishing emails, to baiting attempts – this breed of cyberthreat has continued to manipulate users for years. And now a new scam has emerged that utilizes a fake update on Google Chrome to trick users into downloading and infecting themselves with the infamous Spora ransomware.
So why is this attack seeing such easy success? Believe it not, Hoefler Text is, in fact, a real font, adding a sense of legitimacy behind the scam. However, the malware has primarily seen so much success due to its ability to fly under the radar, as it does not get flagged as an infection by a variety of security programs.
What’s worse is that this isn’t the first time this has happened – delivery of malware through the EITest redirect gates has been around since at least 2014. Additionally, the infected sites and samples change all the time and simply blocking URLs, domains, and IP’s at the perimeter would just be playing “whack-a-mole.”
In fact, EITest gates are typically used in combination with the RIG, Angler, and Sundown EK’s to redirect victims to quite a few ransomware strains, including Spora, CryptoShield, CryptoMix, and Cerber, as well as banking Trojans and various other malware types.