India, Nov. 12 -- The cybercriminals behind GootLoader malware have launched another campaign that employs misleading font rendering to trick users into downloading malware. Security experts caution that this renewed hacking effort marries social engineering with technical subterfuge to evade both human awareness and security solutions.

The attack begins with an innocuous result from Google: a business template or a contract that looks exactly like the type of document you were searching for. You proceed to download the file, and it is a ZIP archive that says it will contain your document. The malware, however, is a JavaScript file that your device executes. Within minutes it will be in communication with a remote server that is controll...