Spora virus preys on new victims via fake Chrome Font Pack update

While looking for new sources of inspiration, cyber villains have pointed their daggers at Chrome again. Recently widely-discussed Spora virus was spotted spreading as counterfeited Chrome Font Pack update. The gearheads aim at the community of Chrome, the most popular browser. It suggests that the cyber criminals are serious about infecting virtual masses. In the horizon of this new threat, you might only ask one question: how to avoid this cyber menace?

If you have never heard of Spora virus, let us briefly introduce it. It has been detected in the beginning of 2017. The virus possesses several distinct features. It does not append any file extensions but instead places all technical encryption data in the .key file. Furthermore, it uses the services of exploit kit to perform its hijack. What is more, the authors reveal to be the keen users of EITest technique. It serves as an intermediary redirecting code. Once injected in the targeted web page, it misguides users to the websites possessing the exploit kit. Then it becomes a matter of seconds when it advances further with the infiltration. The same method was applied in this case as well. Luckily, odd Chrome Font pack update caught Brad Duncan‘s, virus researcher, attention. Once a user sets foot on the compromised website, it transforms into the image of unreadable programming language. Within seconds, a message pops up stating that Chrome Font Pack needs to be installed. The following message claims that HoeflerText font wasn‘t found and the respective update needs to be installed. After clicking on the link, you will only found yourself caught in the grip of menacing Spora virus.

Luckily, such frightening technique might be stopped if you decline to install unknown browser plug-ins. It has been observed an increasing tendency among hackers to use various plug-ins and browser extensions to deliver their malware. Observing the characteristics of Spora, more speculations arise that notorious Cerber disguises under the image of Spora. EITest technique has also been employed by the latest version of CryptoMixCryptoShield 1.0 virus. It seems that 2017 will become another important period of time in the new cyber security era. The current example, as well as the case of Charger ransomware, which poised itself as a battery-saving tool in Google Play store, suggest staying vigilant.

About the author
Julie Splinters
Julie Splinters - Spyware and malware removal expert

Contact Julie Splinters
About the company Esolutions

Read in another language