How is the “font wasn’t found” scam performed?
As reported, the page the user is visiting appears unreadable, its text replaced by weird symbols. The user is then tricked into updating “Chrome’s language pack” so that the text is rendered and displayed correctly. This is what the researcher wrote regarding the authenticity of the scam:
The usage of a clean, well-formatted dialog to present the message with the correct Chrome logo – and, more importantly, – the correct shade of blue for the update button. The shape of the update button seems correct, and the spelling and grammar are definitely good enough to get a pass.
However, there are several inconsistencies during the download and installation process that a trained eye will notice instantly. Unfortunately, most users don’t pay enough attention to the details and are easily fooled into downloading the alleged language pack. What is worse is that neither Chrome nor Windows Defender will flag the downloaded file as malicious. When the scam was discovered, just a small number of AV programs were able to detect it.
Luckily, 37 of the 58 engines on VirusTotal detect it now.
This is not the only scam currently targeting Chrome users. A bogus browser extension has also been reported to push unsuspecting users to compromised pages via malvertising tactics. The end goal is to get victims to install the bad extension: the page offers no other way to leave the website, and the browser is flooded with a loop of full-screen modes.
The extension basically redirects users to unwanted programs, fake ads and more scams. If the victims try to visit a website whose domain contains a keyword such as “virus” or “avscan”, they will be redirected to a fake Microsoft security warning that belongs to a tech support scam.
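A defender can look for installed extensions that are able to behave this way. The following is an added example, not code from the article or the researcher: a heuristic audit of Chrome extension manifests that flags any extension requesting all-site access together with an API commonly used to watch or rewrite navigation. The sample manifests are constructed, and the article does not say which permissions the reported extension requested.

```python
import json

# Chrome APIs commonly used to watch or rewrite navigation.
NAV_APIS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
            "webNavigation", "tabs"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def audit_manifest(manifest_text):
    """Summarise the navigation APIs and all-site patterns a manifest requests."""
    manifest = json.loads(manifest_text)
    requested = set()
    # Manifest V2 lists hosts under "permissions"; V3 uses "host_permissions".
    for key in PERMISSION_KEYS:
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through their own "matches" lists.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return {"name": manifest.get("name", "<unnamed>"),
            "apis": sorted(requested & NAV_APIS),
            "hosts": sorted(requested & BROAD_HOSTS)}


def review(manifests):
    """Heuristic: keep extensions holding a navigation API and all-site access."""
    findings = [audit_manifest(text) for text in manifests]
    return [f for f in findings if f["apis"] and f["hosts"]]


# Constructed sample manifests, not taken from the extension in the article.
SAMPLES = [
    '{"name": "Sample Redirector", "manifest_version": 2, "permissions":'
    ' ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"]}',
    '{"name": "Sample Notes", "manifest_version": 3, "permissions":'
    ' ["storage"], "host_permissions": ["https://notes.example/*"]}',
    '{"name": "Sample Injector", "manifest_version": 3, "permissions":'
    ' ["webNavigation"], "content_scripts":'
    ' [{"matches": ["*://*/*"], "js": ["inject.js"]}]}',
]

if __name__ == "__main__":
    for finding in review(SAMPLES):
        print(finding["name"], finding["apis"], finding["hosts"])
```

A flagged extension is not necessarily malicious; the result is a shortlist for manual review against what each extension claims to do.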
Tech support scams have scammed too many users into giving away personal and payment information, among other negative outcomes. Windows Support tech support scams are the most popular ones.