Spora Ransomware Spreads Via Fake Chrome Font Pack

Don't click update.exe if it pops up in your browser

There’s a new malware in town called Spora.  This one tricks you into installing it by making websites you visit unreadable.

How Spora attacks you:

  1. You visit an infected website.
  2. You see the text is unreadable (it looks like something might be wrong with the fonts).
  3. A message pops up that says the “HoeflerText” font is missing and offers a program that can fix it.
  4. If you click on this file, “Update.exe”, you have been infected.

How do you avoid the Spora malware?

If, while browsing a site, you can’t read the type and you get a popup which mentions an error with the fonts, close your browser. Do not visit that site. If you happen to know the company or website this has occurred on, send them an email or contact them to inform them that they might have been hacked.

Some more detailed information on how Spora works

Palo Alto Networks threat intelligence analyst Brad Duncan reported that Spora, a powerful new ransomware strain that is able to encrypt files without communicating with a command and control server, is using a social engineering attack vector: fake “Chrome Font Pack” pop-ups.

Most ransomware spreads either through spam and email attachments or malvertising. Spora uses exploit kits that use unpatched vulnerabilities in both browsers and operating systems.

Spora’s evil geniuses have compromised multiple websites, turning their pages into unreadable text and telling visitors that the “Hoefler Text” font is missing and that they can fix this by downloading the “Chrome Font Pack”.

People then download the update.exe file and double-click it, which kicks off the malicious code. The bad guys even provide help by showing where the victims can find the install files. More technical detail at Palo Alto.
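For site owners who want to check whether their own pages have been altered to show this lure, here is an added example (not from the original post or from Palo Alto's report) that scans served HTML for the indicators named above. The function names, the scoring rule and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Lure strings taken from the article; matching is case-insensitive and
# accepts "HoeflerText" written with or without a space.
LURE_PATTERNS = {
    "hoefler_font": re.compile(r"hoefler\s*text", re.I),
    "font_pack": re.compile(r"chrome\s+font\s+pack", re.I),
}
EXE_LINK = re.compile(r"\.exe(?:$|[?#])", re.I)

class _Collector(HTMLParser):
    """Gathers text (including inline script bodies) and link targets."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []

    def handle_data(self, data):
        self.text.append(data)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def scan_page(html):
    """Return the sorted list of lure indicators found in one HTML document."""
    c = _Collector()
    c.feed(html)
    c.close()
    body = " ".join(c.text)
    hits = {name for name, rx in LURE_PATTERNS.items() if rx.search(body)}
    if any(EXE_LINK.search(link) for link in c.links):
        hits.add("exe_link")
    return sorted(hits)

def is_suspicious(html):
    """Flag a page that names the font AND offers a font pack or an .exe.

    A page that merely mentions the typeface is not flagged on its own.
    """
    hits = set(scan_page(html))
    return "hoefler_font" in hits and bool(hits & {"font_pack", "exe_link"})

# Constructed samples (not captured from a real site).
CLEAN = "<html><body><p>Set in Hoefler Text.</p><a href='/about'>About</a></body></html>"
INJECTED = ("<html><body><script>var m='The \"HoeflerText\" font is missing';</script>"
            "<div>Chrome Font Pack</div><a href='/dl/Update.exe'>Update</a></body></html>")
```

Run it against pages as your web server actually delivers them to a browser, since injected content may not be present in the files on disk.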


Have you been infected?

We can help you create a plan that protects you from ransomware and gives you the ability to recover in case you do get infected.