Warning over Google Chrome scam that could infect your computer with malware


Security researchers have issued a warning about a Google Chrome scam designed to infect the computers of unsuspecting users with malware.

The scam works by tricking you into thinking you need to install an important component that is missing from your version of Google Chrome.

In this case, the component is a “missing font” with hackers creating a malicious script that replaces any text on a webpage with symbols and other random fonts.


You are then presented with a warning message that looks very realistic, incorporating Google’s official colours and branding.

The warning says “HoeflerText font was not found” and urges you to update the “Chrome Font Pack”.

The scam was discovered by Mahmoud Al-Qudsi from cybersecurity firm NeoSmart Technologies.

Writing on his blog, Al-Qudsi said: “This attack gets a lot of things right that many others fail at. The premise is actually believable: the text doesn’t render, and it says that is caused by a missing font (a real font, by the way), which it then prompts you to download and install.

“The usage of a clean, well-formatted dialog to present the message with the correct Chrome logo and the correct shade of blue for the update button. The shape of the update button seems correct, and the spelling and grammar are definitely good enough to get a pass.”

What makes matters worse is that the file that downloads when you click on “Update” is not recognised by most antivirus software, including AVG, Bitdefender, Windows Defender, Kaspersky and McAfee as being a virus.

So how can you stay safe?


As NeoSmart Technologies points out there are a couple of tell tale signs that should alert users, but you’ll really need to keep your eyes peeled in order to spot them.

First up, the dialog window displays that the user is running Chrome version 53 and displays this for all users, regardless of what version of Chrome you are actually running.

Secondly, when a you click on “Update”, a file called “Chrome Font v7.5.1.exe” will start to download. This is different from the file named in the warning message which is titled “Chrome_Font.exe.”

Full details of the scam can be found on the NeoSmart website.


Comments are closed.