Starting early September 2017, fake browser font update theme spam campaigns have been evolving. Security researchers at Palo Alto reported that this theme was used by EITest malvertising group and their spam campaigns are used to distribute a commercial Remote Access Trojan (RAT) called NetSupport Manager RAT . The campaign discussed by Palo Alto researchers used Hoefler font update pop-up’s to trick users in downloading this RAT.
In a different campaign, security researchers at MalwareBreakDown reported on fake Roboto Condensed font themed spam campaigns delivering Zloader a.k.a Zbot banking Trojan.
It is a best practice to be attentive while clicking on fake pop-up’s since it could likely lead in financial and sensitive information loss.