
Don't Fall for This Evil Chrome Malware Scam

Google Chrome users could be lured into downloading malware disguised as a fix for corrupted fonts, according to a recent report.

Credit: Proofpoint


According to research by the security firm Proofpoint, malicious hackers are breaking into poorly protected websites and inserting JavaScript that waits for Chrome browsers to be referred to the sites via search engines. The script then inserts unrecognized characters that break the font rendering on the webpage, making all text unreadable.


At that point, a fake Chrome dialogue box pops up, informing users that they need to download a file that looks like a font installer package.

But the "font" in this case is really click-fraud adware, which loads hidden ads and clicks on them automatically, putting money in the pockets of those responsible for that malware, explains Bleeping Computer. That sort of adware isn't terribly dangerous, but the criminal crew behind this scheme has unleashed far worse things in the past, such as encrypting ransomware.

Luckily for Mac users and non-English speakers, only users of the Chrome browser on Windows in Australia, Canada, the United Kingdom and the United States are currently being targeted, according to Proofpoint. But it wouldn't take much adjustment to retool this campaign to fit other platforms and other countries.

Althea Chang is Associate Director of Content Development for Consumer Reports and was previously a Senior Writer for Tom's Guide, covering mobile devices, health and fitness gadgets and car tech.