Google Chrome users could be lured into downloading malware disguised as a fix for corrupted fonts, according to a recent report.
According to research by the security firm Proofpoint, malicious hackers are breaking into poorly protected websites and inserting JavaScript that waits for Chrome browsers to be referred to the sites via search engines. The script then inserts unrecognized characters that break the font rendering on the webpage, making all text unreadable.
At that point, a fake Chrome dialogue box pops up, informing users that they need to download a file that looks like a font installer package.
But the "font" in this case is really click-fraud adware, which loads hidden ads and clicks on them automatically, putting money in the pockets of those responsible for that malware, explains Bleeping Computer. That sort of adware isn't terribly dangerous, but the criminal crew behind this scheme have unleashed far worse things in the past, such as encrypting ransomware.
Luckily for Mac users and non-English speakers, only users of the Chrome browser on Windows in Australia, Canada, the United Kingdom and the United States are currently being targeted, according to Proofpoint. But it wouldn't take much adjustment to retool this campaign to fit other platforms and other countries.