New Malware Attack Specifically Targets Google Chrome Users Visiting WordPress Sites

A new malware attack is targeting Google Chome users who visit WordPress sites. And it’s a pretty simple one. News of the hack first came from NeoSmart Technologies, where they announced it in a blog posting last week.

Instead of the usual methods, this malware infection takes a more smooth approach. Here’s how it works: hackers use a JavaScript program to garble text on a WordPress site. When users visit that site, they’ll see the mangled text and get a notification they need to download a language pack. The problem, the site says, is that the user is missing the “Hoefler” font (which is a real font).

An authentic looking dialogue box with Google Chrome logo pops up, encouraging the user to download the update. While many malware attacks have faulty grammar and spelling that makes them immediately recognizable, this one is spot on perfect. It looks absolutely real.

Of course, when the user clicks on the update button, they don’t get a font. A prompt says the file is named “Chrome Font v7.5.1.” but since the file hasn’t been added to Google’s browsing blacklist yet, it doesn’t trigger as malicious. Users get a notification that “this file isn’t downloaded very often,” but that’s it. Still no immediate signs that this is malware. Finally, the file looks like a legit .exe file, even though it isn’t.

A good anti-malware program should be your first line of defense, NeoSmart warned, but this malware is so clean that only a few anti-malware programs stopped it. It even made it past Windows Defender and Google’s own protection.

It’s not clear yer what exact data this malware is after, or the damage it does. But the takeaway from this is to be leery of anything that asks you to download a language pack. If you run your own blog through WordPress, this is one you certainly want to be aware of.




Be the first to comment on "New Malware Attack Specifically Targets Google Chrome Users Visiting WordPress Sites"

Leave a comment

Your email address will not be published.