The China Post news staff
TAIPEI, Taiwan — If you’re using Google Chrome and come across a pop-up window saying that it can’t display a specific font and requesting to update your browser, do not click on it.
Trend Micro Inc., a leading global software security company says the pop-up requesting Internet users to update their Google Chrome could be a new type of ransomware, SPORA V2 (RANSOM_SPORA.F117C2).
SPORA v2 infects a user’s system when they click a Google Chrome popup advertisement, allegedly to update the “Chrome Font Pack” to properly display the “HoeflerText” font.
If the user clicks on the ad, it will lead to a URL that contains a malicious program disguised as a legitimate one. Once the malware is run, it will then proceed to infect the user’s computer, for example, encrypting user files such as images and Microsoft Word documents so that the user is unable to access them.
After encryption, the virus will display a ransom note, which comes with a unique machine-specific file name using the following format: XXOOO-AAAAA-BBBBB-CCCCC-DDDDD.html, with the first two letters (XX) being the 2-digit country code. The rest of the letters are randomized and specific for each victim.