Proofpoint security researchers have disclosed a new malware exploit kit that specifically targets Google Chrome users running Windows-based computers.


The campaign was first detected last month, on December 10, 2016. The malware is based on the EITest chain.

“EITest” is a documented infection chain that depends on compromised websites. It redirects users to exploit landing pages. EITest has been involved in information stealing, ransomware and many other malware attacks.

EITest is best known for its longevity, as it is believed to date back to 2014.

  • Step 1: Victim host views a compromised website with malicious injected script.
  • Step 2: The injected script generates an HTTP request for an EK landing page.
  • Step 3: The EK landing page determines if the computer has any vulnerable browser-based applications.
  • Step 4: The EK sends an exploit for any vulnerable applications (for example, out-of-date versions of Internet Explorer or Flash player).
  • Step 5: If the exploit is successful, the EK sends a payload and executes it as a background process.
  • Step 6: The victim’s host is infected by the malware payload.

Proofpoint, Inc. researchers explained that the new malware targets the Google Chrome browser. When a visitor lands on the exploit page, the injected code makes the page data and text unreadable and displays a fake alert. Since the “X” on the notification doesn’t close the alert, users tend to click the “Update” button.

The pop-up uses Google Chrome’s logo and button styles, which makes the lure look more legitimate.

This allows the malware to download and install a file that appears as Chrome_Font.exe, which is labeled “Fleercivet” by Microsoft.

According to Proofpoint, the scheme works like this:

The infection is straightforward: if the victim meets the criteria – targeted country, correct User-Agent (Chrome on Windows) and proper referer – the script is inserted in the page and rewrites the compromised website on a potential victim’s browser to make the page unreadable, creating a fake issue for the user to resolve. 

The ad fraud malware (Trojan.Fleercivet) depends on the user clicking and installing it, which makes it hard for attackers to get any conversions or install malware with this exploit kit, yet they keep trying to devise new strategies to trick users into installing malware.
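A defender can hunt for this lure in web proxy logs by looking for executable downloads named like Chrome_Font.exe and checking whether the requesting browser fits the Chrome-on-Windows profile described above. The following is an added example, not code from Proofpoint or the original article; the tab-separated log layout, the hostnames, addresses and the second filename variant are constructed, and it assumes the proxy records the Referer header.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample proxy log (tab-separated): time, client, URL, referer, user-agent.
SAMPLE_LOG = """\
2017-01-17T10:02:11Z\t10.0.0.21\thttp://files.example.net/dl/Chrome_Font.exe\thttp://blog.example.org/post\tMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
2017-01-17T10:03:40Z\t10.0.0.34\thttp://files.example.net/dl/Chrome_Font.exe\t-\tcurl/7.50.1
2017-01-17T10:05:02Z\t10.0.0.21\thttp://cdn.example.com/fonts/roboto.woff2\thttp://cdn.example.com/\tMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
2017-01-17T10:07:55Z\t10.0.0.45\thttp://dl.example.net/get/chrome%20font.exe?id=1\thttp://shop.example.org/\tMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
"""

# Executable whose name imitates a Chrome font pack (the page names Chrome_Font.exe).
FONT_EXE = re.compile(r"chrome[ _\-]?font.*\.exe$", re.IGNORECASE)
# The campaign only targets Chrome on Windows, so that UA marks a likely victim.
CHROME_ON_WINDOWS = re.compile(r"Windows NT.*Chrome/\d+")

def find_fake_font_downloads(log_text):
    """Return one record per request for a Chrome-font-like .exe file."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, client, url, referer, ua = fields
        dl = urlsplit(url)
        # Decode the last path segment so "chrome%20font.exe" is matched too.
        filename = unquote(dl.path.rsplit("/", 1)[-1])
        if not FONT_EXE.search(filename):
            continue
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        hits.append({
            "time": ts, "client": client, "file": filename,
            "download_host": dl.hostname,
            "referring_site": ref_host,  # candidate compromised site to review
            "chrome_on_windows": bool(CHROME_ON_WINDOWS.search(ua)),
        })
    return hits

def likely_victims(hits):
    """Clients that fetched the file from a browser matching the targeted profile."""
    return sorted({h["client"] for h in hits if h["chrome_on_windows"]})

if __name__ == "__main__":
    for hit in find_fake_font_downloads(SAMPLE_LOG):
        print(hit)
```

Hosts returned by `likely_victims` are the ones to check for an executed payload; the `referring_site` values point to sites that may be serving the injected script.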