A TechGlyphs web by milankantony

Chrome missing font prompts, malicious files trick.

✔✔✔rating
New hacking tactic on Google Chrome that manipulates websites into displaying missing font prompts, which then trick users into downloading malicious files.The attack involves a hacker exploiting JavaScript to alter the rendering of content on a webpage, causing it to resemble mis-encoded text which appears as a jumble of symbols and shapes. The code then prompts the user to download the missing fonts through a Chrome language pack to decipher the text.

The attack involves a hacker exploiting JavaScript to alter the rendering of content on a webpage, causing it to resemble mis-encoded text which appears as a jumble of symbols and shapes. The code then prompts the user to download the missing fonts through a Chrome language pack to decipher the text.




A savvy user will know what version of Chrome they are running, in this case version 56, however the prompt has version 53 hard-coded into its dialogue. It also features a rather conspicuous 'X' in the top right corner, which gives the game away

 It also slips by Windows Defender, and a check of virus scanning database VirusTotal reveals that only nine of 59 recorded antivirus scanners are able to correctly identify the file as malware.

0 comments:

Post a Comment

Recommend for you



Most Read

Blog Archive

Scroll To Top