Cyber Attack

HoeflerText Popups Targets Chrome and Firefox Browsers To Push RAT and Locky Ransomware

Sharing is caring!

Last week security researcher Brad Duncan found different compaign to push NetSupport Manager remote access tool (RAT) and Locky ransomware using HoeflerText Popups. This is targeting to Google chrome and Firfox Users.

According ot Brad Ducan, malspam had links to fake Dropbox pages. If you viewed the pages in Chrome or Firefox, they showed a fake notification stating you don’t have the HoeflerText font. These fake notifications had an “update” button that returned a malicious JavaScript (.js) file.

These .js files were disguised as a font library. He was unable to get any