Anyone who has ever used an online word processing program – such as Microsoft Word or Google Docs – knows that it’s pretty easy to get distracted with choosing a font. Long gone are the days of simple typefaces, or having to rely on Notepad on your desktop. Palatino, Helvetica, Garamond – even having a cheeky look at your document in Wingdings, when we all know that ultimately we will probably return to good old Arial or Times New Roman! (Or Comic Sans – for those of us who just can’t help ourselves).
But did you know that choosing your fonts isn’t just about the aesthetics?
ReasonLabs’ latest report Revenge of the Unitrix brings to the fore the latest research on how text tricks can make us run malicious code.
So what do you as a consumer need to know?
1 No such thing as a free lunch
First of all, creativity is always to be applauded – but experimenting with new fonts that offer ‘free’ downloads is basically a recipe for disaster. If you’ve tried this at home before (has anyone else ever attempted to get hold of Disney’s instantly recognizable font?) you’ll appreciate that many fonts are in fact licensed – and the free version is basically another way to get you to install malware on your device.
Ultimately, a dodgy font can be used as a vector for a spoofing attack. Although the text may look regular to us, the humble user, your computer will be able to read dodgy encrypted code – and act accordingly.
Another clue to watch out for is if a familiar website suddenly becomes unreadable, and a browser alert asks you to download a font to fix it. This is almost certainly a trap, whereby a site has been hacked, and what you are seeing is actually a fake browser alert.
Some examples of font exploits in recent years include the One Font campaign, which targeted Microsoft 365 users, ZeroFont, which manipulated font sizes in order to enact phishing campaigns, and “hidden text”, placed between letters in order to weaken the recognition performance of anti-spam software.
2 Attack of the Invisible Letters
If we delve even deeper into the language and text used on our devices, we can start to discover that the issues stem even deeper than just the display fonts – to the actual letters themselves.
In the Revenge of the Unitrix report, our researchers have laid out for you a much more detailed and technical look at how different texts have been sabotaged, and what this may mean for the individual and their device. Homographic exploits, such as the Unitrix exploit, are used in order to infiltrate your device with viruses and malware such as infostealers, Trojans and cryptominers. By misusing a specific invisible Unicode Standard character, malicious attackers can trick a user into opening malicious files.
3 Stay Cyber Safe
At organization level, companies are recommended to use network security architecture in order to be more aware of possible obfuscation techniques designed by threat actors – thus avoiding falling for typical social engineering phishing tactics.
And if you are still angling to treat yourself to some new funky fonts, there are some free options out there, such as Google Fonts, that offer a much more secure database – just make sure you do your research first so you can be sure you are acting safely!
For more information about consumer cybersecurity and best practices, and staying cyber safe, head over to www.reasonlabs.com.
