ChromeLoader malware is growing in numbers this month after a steady growth since the beginning of the year, making browser hijacking a widespread threat.
ChromeLoader is a type of browser hijacker that can modify the victim's web browser settings to display search results that advertise junkware, run auto-runs on fake survey sites, fake giveaways, and advertise adult games and dating sites.
Those behind this malware will receive financial benefits through an affiliate marketing system.
There are many malware of this type, but ChromeLoader stands out for its persistence, scale, and infection path thanks to its aggressive abuse of PowerShell .
PowerShell Abuse
According to researchers at Red Canary, who have been tracking ChromeLoader's activity since February, the operators use a malicious ISO archive file to infect victims with malware.
Often malicious ISO files will be disguised as cracked software or games for victims to download and activate themselves. There are even ads on Twitter for cracked Android games with QR codes that lead directly to malware download pages.
When a user double-clicks on the malicious ISO file, it mounts as a virtual CD-ROM drive. It contains executable files with .exe extensions. When run, it triggers ChromeLoader and decodes a PowerShell command that fetches a remote resource archive and loads it as a Google Chrome extension .
Once done, PowerShell will delete the scheduled tasks that infected Chrome with an extension that can silently infiltrate the browser and manipulate search results and perform other actions.
macOS is also under attack
The people behind ChromeLoader also target computers running macOS. They want to compromise both Chrome and Safari running on macOS.
The infection chain on macOS is similar to that on Windows, but instead of using ISOs, they use DMG (Apple Disk Image) files, a more common format on Apple's operating system.
Furthermore, instead of executing the installer, the ChromeLoader variant on macOS uses the installer's bash script to download and unpack the ChromeLoader exension in the "private/var/tmp" directory.
To stay present as long as possible, ChromeLoader will add a preferences file ('plist') to the '/Library/LaunchAgents' directory. This ensures that whenever a user logs into a graphical session, ChromeLoader's Bash script can continue to run.
To check and delete extensions, follow these instructions:
You can also check other browser settings to see if there is anything unusual. If you find any strange settings, restore the original mode to solve the problem.
Struggling with Microsoft Teams proxy error on Windows 10? Discover step-by-step fixes to resolve proxy authentication issues, connection failures, and more. Get Teams running smoothly in minutes with our expert guide.
Tired of Microsoft Teams Town Hall Event Error ruining your events? Get step-by-step fixes for scheduling, access, and registration issues. Restore seamless virtual town halls today with our ultimate guide.
Discover the simplest way to download Microsoft Teams for Mac, MacBook Air, and MacBook Pro. Step-by-step instructions, system requirements, and troubleshooting tips for seamless installation in the latest version. Get started now!
Stuck with Microsoft Teams Web Login Error? Get instant fixes for common issues like "Something went wrong" or login loops. Step-by-step guide to resolve Teams web login problems and stay productive. Updated with latest browser tweaks.
Struggling with Microsoft Teams Error 657rx Update Failed? Discover step-by-step fixes, from quick restarts to advanced troubleshooting, to get your Teams app updated and running smoothly in minutes. No tech skills required!
Tired of Microsoft Teams "VDI Error" Lag freezing your video calls? This ultimate guide delivers step-by-step fixes for VDI environments like Citrix and VMware. Optimize performance now for lag-free collaboration!
Struggling with Microsoft Teams "Join Meeting Error"? Discover proven steps to solve it via direct links. Quick fixes for seamless joining – no tech skills needed!
Discover simple steps to test your Microsoft Teams audio and camera before a call. Ensure crystal-clear sound and video for professional meetings every time with our easy guide. Perfect for desktop, mobile, and web users.
Struggling with Microsoft Teams Error 53003 Access Denied? Discover proven, step-by-step fixes to resolve it quickly. Clear cache, update Teams, bypass proxies & more for seamless collaboration. Works on Windows, Mac & web!
Master uploading custom backgrounds to Microsoft Teams with this easy step-by-step guide. Personalize your meetings effortlessly on desktop, web, or mobile for a professional edge.
Struggling with Microsoft Teams "Error on Phone" on iOS or Android? Discover step-by-step fixes for calls, permissions, network issues, and more. Get back to seamless teamwork fast!
Tired of Microsoft Teams OneDrive error blocking file sharing? Follow our expert step-by-step guide to fix sync issues, permissions errors, and more quickly. Get back to seamless collaboration today!
Struggling with Microsoft Teams screen flickering? Discover step-by-step solutions to fix this annoying error, from disabling hardware acceleration to driver updates. Get smooth video calls today!
Struggling with Microsoft Teams "Network Error" on public Wi-Fi? Get instant fixes like VPN tweaks, port checks, and cache clears to restore calls and meetings seamlessly. Step-by-step guide for quick relief.
Tired of the frustrating Microsoft Teams "Where\
