New variants of ChromeLoader, a malware that steals information from websites, have been discovered by security researchers at Palo Alto Networks Unit 42, demonstrating how quickly the malware is evolving its features over time.
Malware such as ChromeLoader hijacks victims’ browser searches to display advertisements and hacks their browser search engine results.
In January 2022, ChromeLoader was discovered and is being distributed as ISO or DMG files that can be downloaded from sites like Twitter and free gaming websites by using QR codes attached to the URL.
A number of cybersecurity groups have also given ChromeLoader the following names:-
Here below we have mentioned all the different variants of this malware:-
In the case of the adware in question, what is noteworthy is that it has been crafted as an extension for the browser rather than an executable (.exe) or Dynamic Link Library (.dll) for Windows.
As a general rule, these infections are spread through malicious advertising campaigns on pay-per-install sites and social media that are meant to lure users into downloading fake movie torrents or fake cracked video games and software.
In addition, it has also been designed so that it can intercept all searches performed by users using search engines like:-
This allows the threat actors to gather sensitive information about the users’ online activities by accessing their web browser data and manipulating web requests.
Initially, ChromeLoader malware was seen targeted at Windows users in January, and a macOS variant was seen targeted at macOS users in March.
There are several attacks that have been attributed to the malware, although the first reported attack occurred in December 2021. In that case, the executable was created using an AutoHotKey compiler, as opposed to the ISO files that are now commonly seen.
In addition, it is also claimed that the first version of this malware lacks obfuscation abilities. In later iterations of the malware, this feature has been incorporated in order to disguise the purpose and the malicious code behind the malware.
It is clear from this attack chain that two emerging trends are gaining popularity among malware authors – the use of ISO (and DMG) files, as well as the use of browser extensions – that security products and even average users, should be aware of.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as…
TechCrunch has uncovered a concerning development in consumer-grade spyware: a stealthy Android monitoring app that…
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in…
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in…
A newly identified Linux backdoor named "Auto-Color," first observed between November and December 2024, has…
In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive…