HoeflerText Malware: How to Stay Savvy in the Internet Jungle

Mozilla Firefox users, the HoeflerText malware is back and this time, it’s targeting you.

MALWARE

Several months ago, Google Chrome users were the target of a vicious malware scam. When visiting a targeted website, an official looking Chrome message popped up indicating:

“The ‘HoeflerText’ font wasn’t found. The web page you are trying to load is displayed incorrectly, as it uses the ‘HoeflerText’ font. To fix the error and display the text, you have to update the ‘Chrome Font Pack’”.

Unaware this wasn’t an official message, users clicked the update button and received additional information regarding how to update their Chrome fonts. Malware developers determined this error message was being used by cyber criminals to spread Spora ransomware, which comes with active infection channels, sophisticated ransom payment service, and advanced crypto. The virus was discovered and a “fix” was defined, but not before thousands of Internet users were infected. Well, the malware attack is back again, only this time, it’s targeting Mozilla Firefox users.

What Mozilla Firefox Users Need to Know

The latest malware campaign, as discovered by Kafeine, a Proofpoint exploit expert, especially targets Mozilla Firefox users who have the banking trojan Zeus Panda. Fortunately, the cyber attackers left some easily recognized evidence behind; they kept the HoeflerText font name the same.

Here’s a little bit about how this attack works:

  • These attacks only target users visiting websites that have already been compromised.
  • The user is then scanned to see if they meet certain specifications. If they do, the web page is rewritten, and the screen looks distorted.
  • The “‘HoeflerText’ font wasn’t found” message looks convincingly like an official Mozilla message. Users are persuaded to download and install the latest “Font Pack” version. Once the “Update” button has been clicked, the attack has been launched.

Once the user’s system has been infected, Zeus Panda is set to automatically launch when the user signs in. The command and control center is then notified to forward information regarding the infected device’s firewall and antivirus information. Panda, the online banking trojan, has targeted banks in North America, Europe, and Brazil. Its target is bitcoin exchanges, online betting accounts, bankers, airline loyalty programs, and online payment providers. If these recent attacks have proven anything, however, it’s that virtually everyone is at risk.

To safeguard yourself against this type of cyber attack, it’s critical that you’re careful about what you download from the Internet. If a window pops up indicating a new version of anything is required, go directly to the developer’s site to ensure authenticity. If no updates are found, contact the developer immediately. Additionally, keep your computer’s antivirus software updated at all times. Cyber criminals are becoming increasingly more advanced in their methods of delivery; it’s up to us to exercise caution and protect ourselves.