ChromeLoader malware is growing in numbers this month after a steady growth since the beginning of the year, making browser hijacking a widespread threat.
ChromeLoader is a type of browser hijacker that can modify the victim's web browser settings to display search results that advertise junkware, run auto-runs on fake survey sites, fake giveaways, and advertise adult games and dating sites.
Those behind this malware will receive financial benefits through an affiliate marketing system.
There are many malware of this type, but ChromeLoader stands out for its persistence, scale, and infection path thanks to its aggressive abuse of PowerShell .
PowerShell Abuse
According to researchers at Red Canary, who have been tracking ChromeLoader's activity since February, the operators use a malicious ISO archive file to infect victims with malware.
Often malicious ISO files will be disguised as cracked software or games for victims to download and activate themselves. There are even ads on Twitter for cracked Android games with QR codes that lead directly to malware download pages.
When a user double-clicks on the malicious ISO file, it mounts as a virtual CD-ROM drive. It contains executable files with .exe extensions. When run, it triggers ChromeLoader and decodes a PowerShell command that fetches a remote resource archive and loads it as a Google Chrome extension .
Once done, PowerShell will delete the scheduled tasks that infected Chrome with an extension that can silently infiltrate the browser and manipulate search results and perform other actions.
macOS is also under attack
The people behind ChromeLoader also target computers running macOS. They want to compromise both Chrome and Safari running on macOS.
The infection chain on macOS is similar to that on Windows, but instead of using ISOs, they use DMG (Apple Disk Image) files, a more common format on Apple's operating system.
Furthermore, instead of executing the installer, the ChromeLoader variant on macOS uses the installer's bash script to download and unpack the ChromeLoader exension in the "private/var/tmp" directory.
To stay present as long as possible, ChromeLoader will add a preferences file ('plist') to the '/Library/LaunchAgents' directory. This ensures that whenever a user logs into a graphical session, ChromeLoader's Bash script can continue to run.
To check and delete extensions, follow these instructions:
You can also check other browser settings to see if there is anything unusual. If you find any strange settings, restore the original mode to solve the problem.
To get the fastest promotional information from Circle K, you should install the CK Club application. The application saves your payments when shopping or paying at Circle K as well as the number of stamps collected.
Instagram has just announced that it will allow users to post Reels videos up to 3 minutes long, double the previous 90-second limit.
This article will guide you how to view CPU information, check CPU speed directly on your Chromebook.
If you don't want to sell or give away your old tablet, you can use it in 5 ways: as a high-quality photo frame, music player, e-book & magazine reader, housework assistant, and as a secondary screen.
You want to have a beautiful, shiny, healthy nail quickly. The simple tips for beautiful nails below will be useful for you.
This article will list color-inspired tips, shared by top designers from the Creative Market community, so you can get the perfect color combination every time.
Can you really replace your laptop with your phone? Yes, but you'll need the right accessories to turn your phone into a laptop.
One important thing in the full event video was that the upcoming ChatGPT app feature was demoed but no real details were shared. That is, ChatGPT's ability to see everything that's happening on the user's device screen.
Many top AIs, despite being trained to be honest, learn to deceive through training and systematically induce users into false beliefs, a new study finds.
ChatGPT now has a question change option so users can edit the question or content they are exchanging with ChatGPT.
QR codes seem pretty harmless until you scan a bad one and get something nasty thrown at you. If you want to keep your phone and data safe, there are a few ways you can spot a fake QR code.
On stage at MWC 2025, Qualcomm made a splash when it introduced its eighth generation of 5G modem called the X85, which is expected to be used in flagship smartphones launching later this year.
You have a trendy “Ultramarine” iPhone 16, but one fine day you suddenly feel bored with that color; what will you do?
In January, Microsoft announced plans to bring NPU-optimized versions of the DeepSeek-R1 model directly to Copilot+ computers running on Qualcomm Snapdragon X processors.
The IF statement is a common logical function in Excel. The SWITCH statement is less well known, but you can use it instead of the IF statement in some situations.
