javascript contador Skip to content

If Chrome tells you that a font is missing, be careful, they can infect you

If Chrome tells you that a font is missing, be careful, they can infect you

If Chrome tells you that a font is missing, be careful, they can infect you

A message that a font was not found in Chrome is tricking users into installing a virus.

The bad thing about malware is that it evolves; When we think they can’t catch us, the rules change and we are caught offside. At least, in terms of computer security, there is a rule that always works; never install something if you don’t know for sure what it is.

It seems like something that anyone with two fingers in front is capable of understanding; but you will be surprised at the number of advanced users who still press install when they shouldn’t.

A font was not found in Chrome, the message you have to ignore

Attackers have learned to trick users, with messages that seem professional; This is the case of the latest attack vector discovered by security expert Mahmoud Al-Qudsi.

The attack was discovered while the expert was browsing an insecure page built on WordPress; for some reason, the page was not displaying correctly.

The text consisted of the characters that usually appear when there is an error. Specifically, the teacher (if you can call it that) of the attack is that It is an effect very similar to what happens when we lack a source in our system.

You may have seen it before, especially if you have visited pages written in other languages; When a program is unable to render the font it should be using, it may display strange characters. You can see a similar effect by opening an image with the text editor, for example.

Why this attack works so well

So the user who opens the page may think that he is missing a font or that he has some problem; Fortunately, a message that a font was not found in Chrome appear. Apparently, we have not updated Chrome and therefore the page does not display correctly.

We just have to click on Update and the update will be downloaded that will allow us to see the page as it should look. True? Of course not, by doing that we will only get infected with viruses and all kinds of malware.

Unlike other types of attacks, this one stands out for how well posed it is. The style of the message is appropriate and the design is in accordance with the design of Google Chrome; even the refresh button is in the same color used in Google apps.

But more importantly, it presents a problem and a solution. The attack is actually simple; A Javascript code changes the content of the web to those strange characters. Thus, for the user it is plausible that there is a problem.

It goes without saying that if you come across this message, you should ignore it and close the website you are visiting.