• This nasty browser-hijacking malware is becoming a serious threat

    From TechnologyDaily@1337:1/100 to All on Fri May 27 12:00:04 2022
    This nasty browser-hijacking malware is becoming a serious threat

    Date:
    Fri, 27 May 2022 10:30:18 +0000

    Description:
    ChromeLoader's distribution is picking up, finding victims on both Windows
    and macOS

    FULL STORY ======================================================================

    The distribution of the ChromeLoader malware has spiked in recent months, turning a relative nuisance into a full-blown threat.

    Researchers from Red Canary have been tracking the malware for the past five months, and claim the threat has risen significantly.

    According to the research, the attackers are targeting both Windows and macOS users, distributing the malware via torrent files masquerading as cracks for software and games.

    They're also using social media sites, such as Twitter, to promote the torrent links, sharing QR codes leading to the sites that host the malware.

    ChromeLoader malware

    The goal is to have the victims download the files themselves. For Windows targets, the files come in an .ISO archive which, when mounted with a virtual CD-ROM drive, displays an executable file posing as a crack or a keygen. Researchers are saying that its most likely filename is CS_Installer.exe.

    Once the victim runs the file, it executes and decodes a PowerShell command that pulls an archive from the server, and loads it as an extension for the Google Chrome browser. After that, PowerShell removes the scheduled task, leaving no traces of its presence.

    The methodology for macOS is somewhat different; instead of an ISO, the attackers use DMG files, which are more common on the platform. It also swaps the installer executable for an installer bash script that downloads and decompresses the extension into "private/var/tmp".
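
    A detection sketch for the Windows and macOS behaviour described above, added here as an example and not taken from the article or from Red Canary: it flags process-creation events where a script interpreter starts Chrome with an unpacked extension, or where the extension directory sits under /private/var/tmp. The event field names and sample events are assumptions; `--load-extension` is Chrome's own switch for loading an unpacked extension.

```python
import re

# Script interpreters the article names as the loader on each platform.
SCRIPT_PARENTS = {"powershell.exe", "bash"}
CHROME_NAMES = {"chrome.exe", "google chrome"}
# Chrome's command-line switch for loading an unpacked extension directory.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def basename(path):
    """Last path component, lower-cased, for Windows or POSIX paths."""
    return re.split(r"[\\/]", path)[-1].lower()

def check_event(ev):
    """Return the reasons a process-creation event matches the described behaviour."""
    match = LOAD_EXT.search(ev["command_line"])
    if basename(ev["image"]) not in CHROME_NAMES or not match:
        return []
    ext_dir = (match.group(1) or match.group(2)).replace("\\", "/").lower()
    reasons = []
    if basename(ev["parent_image"]) in SCRIPT_PARENTS:
        reasons.append("script interpreter launched Chrome with --load-extension")
    if ext_dir.startswith("/private/var/tmp"):
        reasons.append("extension loaded from /private/var/tmp")
    return reasons

def scan(events):
    """Return (index, reasons) for every event with at least one reason."""
    hits = [(i, check_event(ev)) for i, ev in enumerate(events)]
    return [(i, r) for i, r in hits if r]

# Constructed sample events (not real telemetry); all paths and users are invented.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'chrome.exe --load-extension="C:\Users\alice\ext_dir"'},
    {"parent_image": "/bin/bash",
     "image": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
     "command_line": "Google Chrome --load-extension=/private/var/tmp/ext_dir"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r"chrome.exe --load-extension=C:\dev\my_ext"},
]

if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(idx, "; ".join(reasons))
```

    The fourth sample event, a user-launched Chrome loading an extension from a development folder, is deliberately left unflagged; extension developers use the same switch.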

    ChromeLoader is described as a browser hijacker that can tweak browser settings on the target endpoint, making it show modified search results. By showing fake giveaways, dating sites, or unwanted third-party software, the threat actors earn commission in affiliate programs.

    What makes ChromeLoader stand out in a sea of similar browser hijackers is its persistence, volume and infection route, the researchers said.



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-nasty-browser-hijacking-malware-is-becoming-a-serious-threat/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)