Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Tech
    • Downloads
      • Malwarebytes
      • Exploits
      • Paper Downloads
    • Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Tech
    • Downloads
      • Malwarebytes
      • Exploits
      • Paper Downloads
    • Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Malware

ChromeLoader Attacking Chrome Browsers Worldwide – How to Protect Yourself

Paul Anderson by Paul Anderson
May 30, 2022 - Updated on May 31, 2022
in Malware
Reading Time: 2 mins read
0
ChromeLoader Malware surge
29
SHARES
448
VIEWS
Share on FacebookShare on Twitter

An attack campaign is underway spreading the notorious ChromeLoader malware hijacking Chrome browsers worldwide.

You might also like

Cybersecurity Crisis Hits Ardent Health Services

China Energy Giant, CEEC, Falls Victim to Rhysida Ransomware Attack

FBI Shuts Down Notorious IPStorm Botnet, Arrests Mastermind Sergei Makinin after Four-Year Cybercrime Spree

Aedan Russell, a security researcher from Red Canary, is reporting a sudden, unexpected rise in browser hijacking campaigns using the ChromeLoader malware. The attacker’s purpose is to hijack browsers via the “pervasive and persistent” malware that will modify an unsuspecting user’s browser settings which will redirect them to websites containing advertisements.

This new malware campaign, or as some experts like to refer to it as malvertising, is financially motivated as the adversaries are redirecting users to their own affiliate ads that can earn them money based on per view, install of software, or click of an ad.

What is the Malware ChromeLoader?

ChromeLoader is malware that is installed as a Chrome browser extension. The malware is normally disturbed with an ISO file extension through fraudulent social media posts containing QR codes, pirated movies, fake giveaways, or cracked video games.

Chrome Loader Malware social media
Screenshot provided by the researchers shows a scannable malicious QR code that leads to a site offering ChromeLoader.

ChromeLoader modifies the infected’s browser settings to display advertisements that lure users to download pay-per-install software, visit dating sites, or adult game sites, and participate in fake surveys. This malware stands out from other malicious browser extensions due to its unforgiving persistence, infection methods, and its unique use of PowerShell.

Attack Rundown

Red Canary’s blog post states that the attackers are using the ISO disk image file to carry the malware and invade systems. This ISO file is promoted as a cracked executable for paid software or a video game that the victim will download from file-sharing or torrent sites. The malware operators have also been seen using Twitter to spread the virus.

When the file is double-clicked on a Windows 10 system or later, it is mounted as a virtual drive. The virtual drive normally contains some sort of keygen or software crack titled “CS_Installer.exe”; this executable is what launches the malware.

When ChromeLoader is launched it executes and decodes a PowerShell script that downloads a file from a remote server. The PowerShell script executes the downloaded payload on the infected system discreetly loading it onto Chrome as a Chrome extension which hijacks and manipulates the browser’s results.

ChromeLoader's PowerShell script
ChromeLoader’s PowerShell script that executes upon running the executable in the ISO file

The Red Canary research teams also identified that the creators of ChromeLoader have also integrated support for macOS systems. Instead of using an ISO as a carrier, the attackers use a DMG (Apple Disk Image) file instead of an ISO.

Within the DMG file, the executables are replaced with bash scripts that download, decompress and install the malware extension to the private/var/tmp/ directory.

How to Protect yourself from ChromeLoader?

ChromeLoader is mainly distributed via social media and fake cracked software. So we suggest staying away from pirated software and installing a decent antivirus. If you’re infected by ChromeLoader or would like to protect yourself from similar threats, download and install Malwarebytes. Malwarebytes comes in both a free and paid version but both are highly effective at removing threats.

Source: RedCanary
Tags: Google Chromemalwarepowershell
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the bottom of the page.

Recommended For You

Crisis at Ardent Health: Ransomware attack disrupts operations, forcing patient diversions. The Tennessee-based provider initiates cybersecurity measures.

Cybersecurity Crisis Hits Ardent Health Services

November 27, 2023
State-owned China Energy Engineering Corp (CEEC) hit by Rhysida ransomware; global alert issued. Insights into tactics and impact on #StopRansomware effort

China Energy Giant, CEEC, Falls Victim to Rhysida Ransomware Attack

November 26, 2023

FBI Shuts Down Notorious IPStorm Botnet, Arrests Mastermind Sergei Makinin after Four-Year Cybercrime Spree

November 21, 2023

Boeing Faces Cybersecurity Crisis: Lockbit Ransomware Attack Exposes Sensitive Data Amid Citrix Vulnerability Concerns

November 13, 2023

New Variant of Jupyter Malware On The Rise

November 10, 2023

IBM X-Force Unearths New Gootloader Variant, “GootBot”

November 8, 2023
Next Post
Microsoft Office zero-day exploit CVE-2022-30190

Microsoft Office Zero-day "Follina" Allows Attackers to Execute PowerShell Scripts

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

FBI dismantles IPStorm botnet, arrests Sergei Makinin, ending a 4-year cybercrime spree. A major win against global online threats.

FBI Shuts Down Notorious IPStorm Botnet, Arrests Mastermind Sergei Makinin after Four-Year Cybercrime Spree

November 21, 2023
Researchers Expose Gaza Charity Crypto Scam

Researchers Expose Gaza Charity Crypto Scam

November 20, 2023
Global success: Europol, Czech, and Ukrainian police unite to dismantle a multi-million dollar vishing ring targeting Czech bank customers. Ten arrests made in a joint effort against cybercrime.

Europol and Local Forces Disband Multi-Million Dollar Vishing Ring

November 19, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact us
  • Press
  • Writers
  • Privacy Policy

© 2023 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
    • Tools
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Contact Us
    • Press
  • Privacy Policy

© 2023 ZeroSecurity, All Rights Reserved.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.