Have a third eye
Have you ever noticed abnormal web activity while browsing with Firefox or Chrome? If you have, there is a chance that your PC could be infected through an ongoing scam campaign. Recently, a malicious scam campaign known as 'The 'HoeflerText' font wasn't found' has been pressuring a lot of Firefox users to install a font package from the server. It is not actually a font package; it is a banking trojan named Zeus Panda, used to infect online users.
Earlier, the actors targeted Chrome users with the same malicious campaign and got many of them to install the fake font package carrying Spora ransomware. Now the attackers have revamped and redesigned the same campaign to target Mozilla Firefox users. Proofpoint security researcher Kafeine said, 'This time the campaign has been re-designed to target Mozilla Firefox users with a banking trojan, called Zeus Panda. The horrible mistake made by the hackers who were behind this campaign is failing to rename the name of the font pack in Firefox. Because of this flaw, the malicious scam campaign has been easily spotted by the researchers.'
How does the campaign work?
While you are browsing in Firefox, you are redirected, much as with an ad campaign, to a suspicious website with jumbled content, which asks you to update the Firefox font pack by downloading a missing text font in order to read the article. This enticing message tempts people to update their 'Mozilla Font Pack'. When the user clicks on the web page, it downloads Mozilla_Font_v7.87.zip, with a JavaScript file, from the malicious website to the victim's computer. In the meantime, a set of instructions for installing the package is displayed in the browser. It asks the user to run the JavaScript file to install the missing font pack.
As soon as the user has downloaded it and done everything as instructed, the software downloads the malware payload (.exe) from a remote server, runs it automatically, and injects the Zeus Panda banking trojan into the targeted system. Last year, researchers found this banking trojan targeting banks in Europe and North America; it later spread to Brazil through three different exploit kits, including Angler, Nuclear, and Neutrino. After infecting the computer, the trojan contacts the command and control (C&C) server and sends information about the victim from the device, including a list of the antivirus and firewall products installed on the PC.
The trojan's main aim is to steal banking user credentials, including information about bitcoin exchanges, payment card services, online payment providers, prepaid cards, airline loyalty programs and online betting accounts.
To avoid such scams, be careful with what you download. Be deliberate in what you do, and stay attentive whenever you download anything from the internet. Apart from that, keep an updated antivirus package installed on your PC, and never trust malicious scam campaigns like this one, which try to persuade you to update your Mozilla or Chrome font pack.
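A triage check for the kind of download described above, as an added example that is not part of the original article: it flags a ZIP that carries a script file, or that is named like a font pack yet holds no font files. It assumes the JavaScript file sits inside the archive; the extension lists, the name pattern, the inner file names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Script types Windows runs on double-click (assumed list, not from the article).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
FONT_EXTS = (".ttf", ".otf", ".woff", ".woff2")
# Pattern modelled on the archive name Mozilla_Font_v7.87.zip; the regex is an assumption.
LURE_NAME = re.compile(r"font[ _-]?(pack|v?\d)", re.IGNORECASE)


def triage_archive(filename, data):
    """Return the reasons a downloaded ZIP looks like a fake font pack."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    scripts = [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    fonts = [n for n in names if n.lower().endswith(FONT_EXTS)]
    if scripts:
        reasons.append("contains script file(s): " + ", ".join(scripts))
    if LURE_NAME.search(filename) and not fonts:
        reasons.append("named like a font pack but holds no font files")
    return reasons


def make_zip(members):
    """Build a ZIP in memory from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples with harmless placeholder bytes, not real campaign files.
FAKE_PACK = make_zip({"Mozilla_Font_v7.87.js": b"// placeholder"})
REAL_PACK = make_zip({"OpenSans-Regular.ttf": b"\x00\x01\x00\x00"})

if __name__ == "__main__":
    samples = (("Mozilla_Font_v7.87.zip", FAKE_PACK),
               ("opensans_font_pack.zip", REAL_PACK))
    for label, blob in samples:
        print(label, "->", triage_archive(label, blob) or "no findings")
```

A genuine font archive has no reason to contain anything a script host will execute, so the first finding alone is enough to quarantine the file.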