For many of our readers on Chromebooks and Chrome OS, this doesn’t really apply. However, many Chromebook users also operate from Windows or Mac OS devices too, and if you are running Chrome on those, this is a serious threat that needs your attention.
How It Works
First, the hackers inject some malicious code into a compromised website. That code does a couple things.
First, it renders all the fonts on the page as symbols that are not legible. It then presents visitors with a pop-up message that, for all intents and purposes, looks like a legit message from Chrome. You can see in the pic below that visitors are next informed to install a missing font so the page can render properly.
The real genius here is the pop up looks legit and contains some info on your Chrome version, etc. to make it look even more legit.
Many folks don’t really pay attention to such things and this little bit would only serve to further convince an unsuspecting visitor that there is something legitimately missing.
Upon clicking that update button, the visitor then downloads malware onto their machine and is compromised. And as of this post, only a handful of anti-virus programs are identifying this as malicious.
How To Help
If you want to help, simply sharing this post (or the others like it) will help get the word out. I can’t find any specifics on what this actually does when downloaded and installed, but I can guarantee it isn’t good.
So share and help.