Security

Don't fall for this new Chrome malware scam

File photo - A Google carpet is seen at the entrance of the new headquarters of Google France before its official inauguration in Paris, France Dec. 6, 2011. (REUTERS/Jacques Brinon/Pool/File Photo)


Google Chrome users could be lured into downloading malware disguised as a fix for corrupted fonts, according to a recent report.

Malicious hackers are breaking into poorly protected websites, according to research by the security firm Proofpoint, and inserting JavaScript that waits for Chrome browsers to be referred to the sites via search engines. The script then inserts unrecognized characters that break the font rendering on the webpage, making all text unreadable.

At that point, a fake Chrome dialogue box pops up, informing users that they need to download a file that looks like a font installer package.

But the "font" in this case is really click-fraud adware, which loads hidden ads and clicks on them automatically, putting money in the pockets of those responsible for that malware, explains Bleeping Computer. That sort of adware isn't terribly dangerous, but the criminal crew behind this scheme have unleashed far worse things in the past, such as encrypting ransomware.

Luckily for Mac users and non-English speakers, only users of the Chrome browser on Windows in Australia, Canada, the United Kingdom and the United States are currently being targeted, according to Proofpoint. But it wouldn't take much adjustment to retool this campaign to fit other platforms and other countries.