Just recently, we discussed a massive spam campaign that delivered approximately 23 million ransomware-laden emails. The hackers were attempting to distribute the Locky crypto-virus. Despite the large volume of infectious messages, this strategy was not unusual for Locky, or for ransomware samples in general. Deceptive emails are one of the most popular techniques for distributing malware. However, less straightforward tactics are also occasionally adopted to transmit crypto-viruses.
“HoeflerText” pop-up: what is it and what can it do?
The “HoeflerText” pop-up has been around for quite some time and has always been regarded as a troublemaker. In a variety of cases, crypto-viruses have been distributed via these alerts. To be clear, the messages did not contain actual ransomware payloads. Instead, they only distributed downloaders, which implant ransomware soon after arriving on the operating system.
Although security experts warn that notifications from unknown sources can infect people with all sorts of malware samples, people tend to neglect this warning.
If you use Google Chrome or Mozilla Firefox, you might have noticed this pop-up, which states that the page you are about to access won’t be displayed correctly due to a flawed “HoeflerText” font. Users of Internet Explorer and Microsoft Edge, on the other hand, are shown different pop-ups even when they visit the same malicious websites. To our knowledge, Internet Explorer and Microsoft Edge display technical support scams.
However, this is not the only disturbing threat that the “HoeflerText” pop-up can distribute. As it appears, the NetSupport Manager Remote Access Tool can also be implanted into devices after the “Update” button is clicked. Brad Duncan, a security researcher from Palo Alto Networks, published a blog post explaining this discovery about websites impacted by the EITest campaign.
His focus was on the fact that the “HoeflerText” pop-up transmitted not ransomware but a RAT. According to the researcher, this strategy might be more beneficial to hackers and has more prospects. Therefore, we hope you won’t be tempted to download the updates that these pop-ups suggest!