What is "HoeflerText font wasn't found" and how to deal with it

Viruses of different sorts are the most dangerous things on the Internet, and clever users are trying to avoid them with help of anti-viral software and decent behavior during web-surfing. Almost each person that owns a PC knows that viruses are very cunning and the computer must be protected. But there’s a thing that novice users don’t understand: the common viruses from the Internet cannot penetrate their computers independently. 99% of infected computers were infected through users fault. Scammers don’t want to spend too much efforts on developing of complicated viruses, so they use “social engineering” to trick users to download the viruses. These tricks may differ from the placing of viruses on file-sharing services to sending of fake e-mails. Today’s article is dedicated to the variation of method, called “Download an update”, and we will describe it from the very beginning.




Few months ago we began to receive complaints on a new “virus” which was called "HoeflerText" font wasn't found and appeared in browsers. Here’s the simulation of common case of infection:


  • User searches for something in the Web or visits his favorite website, and suddenly realizes that the website looks very strange. All characters turned to rhombs and question marks, the website’s content is completely unreadable and its functionality isn’t available. In few seconds the pop-up appears, which says that the website is displayed incorrectly because there’s no HoeflerText font on user’s PC. There is also a button that allows to download “Chrome font pack”.
  • User decides that HoeflerText font is a very important component and he should download it on his computer. The instruction on the pop-up is pretty clear: it says to download a file and to launch it, so user does this and gets a virus. It should be noted that at the moment of infection the browser is clear and works properly, so it shows a warning that the downloaded file is unsafe and might contain viruses.

Now let’s figure out, what really is going on with this “font”. First of all, there is no such font as HoeflerText. Also, the display of corrupted website doesn’t mean that there’s a virus on your PC. The true reason of the weird outlook of the website is that the website itself was hacked. Hackers embedded the EITest javascript in the website’s code, and this script is responsible for the displaying of strange characters and pop-up. We can say even more: an infected website and the downloaded “font pack” aren’t dangerous until you will run the Chrome_font.exe file that pop-up prompts you to download. This file is a real virus and it is extremely dangerous. When user clicks on the “update” button, the script sends the request to the remote website, and the website sends the file. This file may contain any kind of virus, but for now there were reports only about two of them: Spora ransomware and Fleercivet.


The first one, Spora, is an extremely dangerous ransomware that can encrypt all files on your PC and you won’t be able to decrypt them without paying a ransom. Now there’s a tool that can protect you from being infected with this ransomware, but if it’s already in the system – you’ll need to wait until the decryptor will be developed. The second one, Fleercivet, is the spyware, which can expose your private information, from the list of search queries to the password from your bank account. We suppose that in short scammers will change the program, but it still will be some dangerous virus.


As you see, “HoeflerText font wasn't found” isn’t a virus, and it can’t get into your system if you won’t allow it to do so. The success of such scheme depends on one thing: attendance parameter of the hacked website. If hackers will manage to embed their script into really popular website, there will be much more victims. There are few advices that can be made according to this case:


  • Don’t download the programs (drivers, font packs, updates) that were proposed to you, especially if you see such proposals more than once. Trustful programs don’t pounce at you, offering service – they just wait until you find them on official websites.
  • The only warnings that you should care about are the warnings from your antivirus, your browser and OS. The true warnings from these sources are only about not doing something, and not about downloading, purchasing, passing the links and calling the numbers.
  • Keep all useful programs up to date, and you will know for sure that the offers to update drivers or download the new font pack are the attempts to trick you.




Share your feedback to help other people



This website uses cookies to improve your experience