These days, malware campaigns target system users with fake update notifications. This one is now distributing a ransomware infection instead of ad fraud malware. The malicious campaign launched on December 10, 2016, and was initially observed dropping the Fleercivet ad fraud malware. It is tied to the EITest compromise chain, which is mainly associated with exploit kit activity.
The campaign targeted Chrome for Windows users with clever social engineering tactics: malicious code injected into a compromised site would fingerprint visitors. If certain criteria were met, it made the text on the page look unreadable and displayed a fake alert informing users that they needed to install a font pack update to view the content.
How the Fake Chrome Font Update Attack Works
When the user clicks the Update button, the page automatically downloads a file named Update.exe and saves it to the default download folder. The attackers then show a helpful-looking screen that tells the user to find and execute the program.
In the previous Chrome font pack campaigns, Update.exe was called Chrome_Font.exe and installed the ad-clicking Trojan called Fleercivet. Now the file is actually an installer for Spora Ransomware. Once the executable is launched, Spora begins its encryption process and makes the user's data unusable. When encryption is complete, it displays a ransom note and asks the user to make a payment.
At this time, unfortunately, there is no way to decrypt files encrypted by Spora Ransomware for free. If you keep seeing a pop-up on a page stating that you need to download a Chrome Font Pack, you should immediately close the browser and not visit the site again. Such an alert is an indication that something is wrong with the site, and it should be avoided.