I was visiting an old friend’s blog and a window popped up that said HoeflerText font wasn’t found and gave me the chance to install it. So I did. But nothing’s changed? What’s going on?
Uh oh, by “installing” the missing font you probably just installed some malware on your Windows PC, I’m sorry to report. In fact, what you bumped into is an ingenious virus attack that looks so legit, it’s understandable that people are falling for it left and right. But here’s the thing: There are no fonts missing from Google Chrome and if you did have one missing, it’d automatically (and quietly) choose a different one instead.
I completely understand how you can be tricked by this particular attack, however, because I had to look twice and really think about how Chrome works before I realized the nefariousness of the attack. Let’s have a closer look…
So you’re visiting a Web site that has already been infected with software that causes the pop-up to show up, sometimes with a line or more of text that’s “messed up” to reinforce the idea that, yeah, you might well have a missing font! Then this shows up:
It certainly looks legit, and HoeflerText is a real typeface (well, Hoefler is, at least). So you see “The HoeflerText font wasn’t found.” and you believe it and click on the blue “Update” button, just to see this:
As you can see, they’ve nailed the exact wording and imagery, even to the point of including the Chrome logo on the top right and the exact blue of other Google Chrome buttons with the “Update” button. More convincing, when you look on the lower left of your browser, sure enough, there is a download happening with the exact matching name:
Oh sure, there’s a warning message from Google Chrome itself, but are you going to believe that, or are you going to keep moving forward, just wanting to fix the missing font problem? Most people will simply download the virus and my guess is that it even has a “font installed” message when it’s done injecting malware into your poor Windows computer.
Mac users, I’ll note, aren’t at risk because a “.exe” file is a Microsoft Windows executable.
So if you’re worried about something being broken in a situation like this, I encourage you to simply re-install Google Chrome from the official Google download link. Otherwise, take your time with downloads, be skeptical of even the most legit sources, and keep your anti-virus software up to date!
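One way to act on "take your time with downloads" is to look at what a file actually contains rather than what it is called. The sketch below is an added example, not part of the original article: it flags anything offered as a font whose header bytes are those of a Windows program. The file names, the name hints in FONT_WORDS and the stub bytes are constructed for illustration.

```python
import struct

# Leading bytes of genuine font files.
FONT_MAGICS = {
    b"\x00\x01\x00\x00": "TrueType",
    b"OTTO": "OpenType/CFF",
    b"ttcf": "TrueType collection",
    b"wOFF": "WOFF",
    b"wOF2": "WOFF2",
}
FONT_WORDS = ("font", "hoefler", ".ttf", ".otf", ".woff")  # name hints (assumed)

def sniff(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) points at the PE signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "windows-executable"
        return "dos-executable"
    return FONT_MAGICS.get(data[:4], "unknown")

def check_download(name: str, data: bytes) -> str:
    """Return a verdict for a downloaded file, given its name and bytes."""
    kind = sniff(data)
    looks_like_font = any(w in name.lower() for w in FONT_WORDS)
    if kind.endswith("executable"):
        return "BLOCK: program posing as a font" if looks_like_font else "executable"
    if kind == "unknown":
        return "REVIEW: not a recognised font format" if looks_like_font else "unknown"
    return f"font ({kind})"

def fake_pe() -> bytes:
    """Constructed 0x44-byte stub: just enough header to look like a PE file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after the header
    return bytes(dos) + b"PE\x00\x00"

if __name__ == "__main__":
    samples = [  # constructed names and contents
        ("Example Font v1.exe", fake_pe()),
        ("ExampleSerif.otf", b"OTTO" + bytes(8)),
        ("ExampleFont.ttf", fake_pe()),  # executable renamed to look like a font
    ]
    for name, data in samples:
        print(f"{name:22} {check_download(name, data)}")
```

A real font file starts with one of the listed signatures, so a "font" that begins with MZ is a program no matter what its name or extension says.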