Published On: Thu, Feb 2nd, 2017

Remember Malware Campaign Targeting Chrome Users? Now Encrypts Victim Data with Ransomware

Only a few weeks ago, we common with a readers a malware debate that was targeting Chrome users on Windows computers. First speckled in Dec 2016, a debate uses a infamous EITest sequence that has been used in multiple exploit kits leading to temperament theft, ransomware and other kinds of attacks. While earlier, it was usually targeting Chrome users with malware, latest investigate has speckled a same debate now dropping ransomware, holding user information warrant for ransom.

Fake “Chrome Font” conflict is now dropping ransomware

Security researchers at Proofpoint had minute final month a malware targeting Chrome users on Windows. They common how a EITest squad initial hacks legitimate websites and afterwards supplement JavaScript formula that will means a page to arrangement a cocktail adult alert. This alert, that asks we to download a Chrome Font Pack, creates a page calm mysterious given we can’t use a “X” symbol to tighten it. This ensures that some-more users tumble for this trap.

Using amicable engineering tactics, a debate has gifted some changes lately. Brad Duncan of Palo Alto Networks has reported that a final cargo has now been transposed with the Spora ransomware. While a infection resource stays same, a debate now encrypts plant information and final ransom.

In a progressing version, a debate was installing a record named Chrome_Font.exe, downloading a trojan called Fleercivet.

Now, a record has been renamed to Update.exe, that is an installer for a Spora Ransomware. Once a user launches this executable, Spora will start to encrypt victim’s data.

There is, however, a good news. The ransomware debate requires a plant to not usually download though also manually govern a file. Since it uses central Google fonts and style, there is a high possibility of this debate tricking oblivious users in installing a executable file. Once we double-click a exe file, cruise your information taken.

Currently, there is no approach to decrypt a warrant files encrypted by Spora Ransomware for free. But, interjection to researchers actively gripping adult to date with a expansion of this malware, hopefully, some-more users are now wakeful of this ransomware. Again, tighten any websites that uncover we a popup observant we need to download or refurbish Chrome Font Pack – usually brings bad news.

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>