Cybersecurity experts have been warning users about a Google Chrome scam that targets Windows users in the US, UK, Canada and Australia. The scam, which began in December, uses a pop-up stating “The ‘HoeflerText’ font wasn’t found” and tells users to download an update, which is actually malware.

The malware campaign started on December 10, 2016 and is tricky and sophisticated as it is disguised as a legitimate popup that looks like it is coming directly from the browser. In fact, it is a form of fraud malware that is known as Fleercivet.

According to security firm Rapid7, “Chrome users should be aware that legitimate warnings from the Chrome browser will never appear as overlays to a web page. Specifically, Chrome does not offer any functionality for prompting for a missing font download, and all such prompts are sourced from malware or malvertising campaigns.”