Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]

During the past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware.  In recent days, I’ve noticed multiple waves of malspam every weekday.  It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam.

Today’s malspam had links to fake Dropbox pages.  If you viewed the pages in Chrome or Firefox, they showed a fake notification stating you don’t have the HoeflerText font.  These fake notifications had an “update” button that returned a malicious JavaScript (.js) file.  These .js files were disguised as a font library.

Of note, I was unable to get any malware when using Internet Explorer or Microsoft Edge.
