Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware
#1
In The Name Of Allah
Al-Salam Alekum
Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware


Google Chrome with 2 billion active users is the most used web browser in the world. At the same time, Firefox has over 1 billion active users making these two perfect and lucrative targets for hackers and cyber criminals.
Recently, Brad Duncan, an IT security researcher discovered a campaign called “EITest” targeting unsuspecting Chrome users that end up delivering RAT malware on a targeted Windows device.
EITest campaign was first discovered back in 2016 infecting users with ransomware like Mole and Spora by tricking users into downloading “fake Google Chrome missing font” through pop ups on compromised WordPress websites. But since August 2017, the campaign has made some changes as it aims at distributed NetSupport Manager remote access tool (RAT).

In the latest campaign, the distribution method for the malware remains that same; i.e., through compromised websites, the malicious code is disguised, and as the victims try to modify the text, the malware gets installed on the computer.
Once a user visited the compromised site, it comes up with a popup message stating that the website is only viewable in “Hoefler Text” font which can be installed by clicking the “update” tab. As shown in the screenshot below the pop-up states: “The HoeflerText font wasn’t found. The webpage you are trying to load is displayed incorrectly, as it uses the “Hoefler Text” font. To fix the error and display the text, you have to update the “Chome Font Pack.”
Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware


Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
Reply The following 1 user Likes Mr.Kurd's post:Mr.Kurd's post


Possibly Related Threads…
Thread Author Replies Views Last Post
Wink News Mozilla Firefox 75 Is Out With Fixes For RCE vulnerabilities Mr.Kurd 0 444 04-13-2020, 01:13 PM
Last Post: Mr.Kurd
Wink News A Twitter Bug Allowed Firefox To Store Cached Files Shared Via DMs Mr.Kurd 0 404 04-05-2020, 09:07 AM
Last Post: Mr.Kurd
Wink News Firefox 74 is out: Here are the key changes and features Mr.Kurd 0 322 03-11-2020, 06:57 AM
Last Post: Mr.Kurd
Wink News Google patches Chrome zero-day under active attacks Mr.Kurd 0 383 02-25-2020, 06:09 PM
Last Post: Mr.Kurd
Exclamation News Mozilla Firefox 73 Browser Update Fixes High-Severity RCE Bugs Mr.Kurd 0 441 02-12-2020, 09:10 PM
Last Post: Mr.Kurd
Big Grin News Google’s Chrome 80 clamps down on cookies and notification spam Mr.Kurd 0 501 02-06-2020, 01:55 PM
Last Post: Mr.Kurd
  News Stop everything. Update Firefox now Mr.Kurd 1 504 01-09-2020, 05:06 PM
Last Post: Mr.Kurd
  News New Ransomware Shows Off Its Abilities: Mad-Architect 0 446 11-21-2019, 05:18 PM
Last Post: Mad-Architect
  News Mexican Based Petrol Giant Hit With Ransomware: Mad-Architect 0 395 11-13-2019, 03:20 PM
Last Post: Mad-Architect
  News SmarterASP.NET Hit With Massive Ransomware Attack: Mad-Architect 0 431 11-11-2019, 04:43 PM
Last Post: Mad-Architect



Users browsing this thread: 1 Guest(s)