It is interesting from a purely scientific angle how attackers come up with new methods and schemes to distribute malicious payloads onto user systems.
"The 'HoeflerText' font wasn't found" is a recent attack that changes website text so that it looks as if a font is missing, in order to get users to download and install an alleged update for Chrome that adds the font to the system.
I talked about this on the private Ghacks forum for supporters back in January already. The first report about the attack came from Proofpoint to the best of my knowledge.
The report reveals in detail how the attack works. Most of the technicalities behind the attack are probably not that interesting to the average Chrome user, so here is a short overview of the important tidbits:
The popup is made to look as if it is an official prompt from the Chrome browser itself. It features a Google logo, and reads:
The “HoeflerText” font wasn’t found.
The web page you are trying to load is displayed incorrectly, as it uses the “HoeflerText” font. To fix the error and display the text, you have to update the “Chrome Font Pack”.
It displays (fake) manufacturer and Chrome Font Pack version information as well. A click on the update button downloads an executable file (Chrome_font.exe) to the system, and changes the popup to display information on how to run the executable file to update Chrome fonts.
Note: The prompts, the name of the missing font that is used in the attack, and the file name may be changed at any time by attackers. It goes without saying that you should not click on the update button, and if you have already done so, you should not install the downloaded executable file.
The only option you have is to wait until the site owner fixes the website to remove the malicious scripts running on it. Once done, it should go back to normal provided the cleaning was thorough.
If you need to access the site immediately, check out The Wayback Machine to find out if an archived copy of it exists.
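For site owners and responders, a heuristic check of saved page source for this lure follows, as an added example that is not from the article or from the Proofpoint report. It keys on the prompt wording rather than on the font or file name, since the note above says both can change; the regular expressions, the function name `scan_page` and the sample pages are assumptions constructed here.

```python
import html
import re

# Patterns follow the lure text quoted in the article. The font name and the
# file name are not hard-coded because the article notes they can change.
CLAIM = re.compile(  # The "<name>" font wasn't found
    r"(?:[“\"‘']([^”\"’'<>]{1,40})[”\"’'])?\s*font\s+wasn[’']?t\s+found", re.I)
PACK = re.compile(r"\bupdate\b[^.<]{0,80}\bfont\s+pack\b", re.I)
EXE = re.compile(r"[\w%./:-]+\.exe\b", re.I)  # executable referenced anywhere


def scan_page(source: str) -> dict:
    """Heuristic check of saved page source for the fake missing-font prompt."""
    raw = html.unescape(source)  # turn &rsquo; and similar into characters
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", raw))  # drop tags
    claim, pack = CLAIM.search(text), PACK.search(text)
    exes = sorted({m.group(0) for m in EXE.finditer(raw)})
    return {
        "font": claim.group(1) if claim else None,
        "font_pack_update": pack is not None,
        "executables": exes,
        # The missing-font claim alone is weak evidence; require a second signal.
        "suspicious": claim is not None and (pack is not None or bool(exes)),
    }


# Constructed sample pages (not captured from a real site).
LURE = """<div id="popup"><h1>The &ldquo;HoeflerText&rdquo; font wasn&rsquo;t found.</h1>
<p>To fix the error and display the text, you have to update the
&ldquo;Chrome Font Pack&rdquo;.</p><a href="Chrome_font.exe">Update</a></div>"""

# Same lure with a different font name and file name, held in a script string.
VARIANT = """<script>var msg = "The 'ExampleSans' font wasn't found. Please update the Browser Font Pack.";
var dl = "/files/fontfix_setup.exe";</script>"""

BENIGN = "<p>Our new font pack ships as a ZIP archive. Update notes are in the README.</p>"

if __name__ == "__main__":
    for name, page in (("lure", LURE), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, scan_page(page))
```

A hit only means the page deserves a manual look at its scripts; a clean result does not show the site is free of injected code.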
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.