Following the news of the Google Chrome hack that prompts users to download “missing font” malware, Tod Beardsley, Research Director at Rapid7, commented below.
“The ‘HoeflerText font not found’ malware lure, which targets Google Chrome users on Windows, continues to make the rounds via compromised WordPress sites. This attack was first documented by researchers at Proofpoint in mid-January, and gets a lot of design elements right where other malware lures fail. The prompt is disguised as a seemingly legitimate popup sourced from the browser.
So far, the attacks appear to be limited to compromised WordPress sites — a field that is, unfortunately, rich with targets. While most WordPress vulnerabilities are actually found in non-standard WordPress plugins, a rather serious vulnerability was patched in the 4.7.2 release of the WordPress core engine in late January.
Operators of WordPress sites are urged to patch up to at least version 4.7.2 as soon as possible, since the vulnerability discovered by Sucuri can be exploited by attackers to arbitrarily rewrite any post hosted on a WordPress site, including the ability to inject malware lures such as the missing HoeflerText font attack.
Chrome users should be aware that legitimate warnings from the Chrome browser will never appear as overlays to a web page. Specifically, Chrome does not offer any functionality for prompting for a missing font download, and all such prompts are sourced from malware or malvertising campaigns. In the rare cases the browser needs to communicate a security or misconfiguration warning to the user, these warnings will appear as a full, replacement page, such as the familiar “Your connection is not private” warning for misconfigured SSL certificates.”