ChromeLoader malware is growing in numbers this month after a steady growth since the beginning of the year, making browser hijacking a widespread threat.
ChromeLoader is a type of browser hijacker that can modify the victim's web browser settings to display search results that advertise junkware, run auto-runs on fake survey sites, fake giveaways, and advertise adult games and dating sites.
Those behind this malware will receive financial benefits through an affiliate marketing system.
There are many malware of this type, but ChromeLoader stands out for its persistence, scale, and infection path thanks to its aggressive abuse of PowerShell .
PowerShell Abuse
According to researchers at Red Canary, who have been tracking ChromeLoader's activity since February, the operators use a malicious ISO archive file to infect victims with malware.
Often malicious ISO files will be disguised as cracked software or games for victims to download and activate themselves. There are even ads on Twitter for cracked Android games with QR codes that lead directly to malware download pages.
When a user double-clicks on the malicious ISO file, it mounts as a virtual CD-ROM drive. It contains executable files with .exe extensions. When run, it triggers ChromeLoader and decodes a PowerShell command that fetches a remote resource archive and loads it as a Google Chrome extension .
Once done, PowerShell will delete the scheduled tasks that infected Chrome with an extension that can silently infiltrate the browser and manipulate search results and perform other actions.
macOS is also under attack
The people behind ChromeLoader also target computers running macOS. They want to compromise both Chrome and Safari running on macOS.
The infection chain on macOS is similar to that on Windows, but instead of using ISOs, they use DMG (Apple Disk Image) files, a more common format on Apple's operating system.
Furthermore, instead of executing the installer, the ChromeLoader variant on macOS uses the installer's bash script to download and unpack the ChromeLoader exension in the "private/var/tmp" directory.
To stay present as long as possible, ChromeLoader will add a preferences file ('plist') to the '/Library/LaunchAgents' directory. This ensures that whenever a user logs into a graphical session, ChromeLoader's Bash script can continue to run.
To check and delete extensions, follow these instructions:
You can also check other browser settings to see if there is anything unusual. If you find any strange settings, restore the original mode to solve the problem.
Long-distance travel can involve heavy traffic, changing weather conditions, and rider fatigue. If you are also dealing with the responsibilities of moving home, such as packing belongings or coordinating accommodation, a long ride may add unnecessary pressure to an already busy schedule.
Tired of Microsoft Teams shortcut error preventing you from opening the app? Follow our expert, step-by-step guide with the latest fixes for instant resolution. Works on Windows, Mac & web – no tech skills needed!
Tired of Microsoft Teams Task Management Sync Error halting your workflow? Follow our proven, step-by-step fixes to resolve sync issues fast and restore seamless task collaboration. No tech expertise needed!
Struggling with Microsoft Teams Wiki Error Formatting? This step-by-step guide reveals proven fixes for common wiki tab issues, ensuring smooth editing and collaboration in Teams. Get back to productive wikis fast!
Struggling with Microsoft Teams installation error on Linux? Discover step-by-step fixes for Ubuntu, Fedora & more. Resolve dependency issues, crashes, and errors quickly with our ultimate guide. Get Teams running smoothly today!
Struggling with Microsoft Teams "Error Page" not loading? Get step-by-step fixes for desktop, web, and mobile. Solve Microsoft Teams Error Page issues quickly and resume seamless teamwork today.
Tired of Microsoft Teams "Error Screenshot" blocking your workflow? Get proven, step-by-step solutions to resolve screenshot errors in Teams instantly and boost productivity. No tech skills needed!
Tired of Microsoft Teams "Error U" User blocking your chats? Get proven, step-by-step fixes to clear cache, reset, and restore seamless collaboration instantly.
Unlock the precise locations of Microsoft Teams registry keys on Windows 11. Step-by-step guide to find, access, and safely tweak them for optimal performance and troubleshooting. Essential for IT pros and Teams enthusiasts.
Tired of Microsoft Teams "Training Error" Video Lag ruining your meetings? Follow our step-by-step guide with the latest fixes for smooth video calls—no more frustration!
