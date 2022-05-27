

This nasty browser-hijacking malware is becoming a serious threat

By Sead Fadilpašić
TechRadar
 4 days ago

The distribution of the ChromeLoader malware has spiked in recent months, turning a relative nuisance into a full-blown threat.

Researchers from Red Canary have been tracking the malware for the past five months, and claim the threat has risen significantly.

According to the research, the attackers are targeting both Windows and macOS users, distributing the malware via torrent files masquerading as cracks for software and games.

They’re also using social media sites, such as Twitter, to promote the torrent links, sharing QR codes leading to the sites that host the malware.

ChromeLoader malware

The goal is to have the victims download the files themselves. For Windows targets, the files come in an .ISO archive which, when mounted with a virtual CD-ROM drive, displays an executable file posing as a crack or a keygen. Researchers are saying that its most likely filename is “CS_Installer.exe”.

Once the victim runs the file, it executes and decodes a PowerShell command that pulls an archive from the server, and loads it as an extension for the Google Chrome browser. After that, PowerShell removes the scheduled task, leaving no traces of its presence.

The methodology for macOS is somewhat different; instead of an ISO, the attackers use DMG files, which are more common on the platform. It also swaps the installer executable for an installer bash script that downloads and decompresses the extension into "private/var/tmp".
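
The infection chain described above can be turned into a few triage heuristics for process-creation telemetry. The Python sketch below is an added example, not code from Red Canary or TechRadar; the event field names, the sample events, and the use of PowerShell's `-EncodedCommand` and Chrome's `--load-extension` switches as indicators are assumptions rather than details stated in the article.

```python
import base64
from pathlib import PureWindowsPath

def decode_encoded_command(cmdline):
    """Return the decoded script if a PowerShell encoded-command argument is present."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok[1:].lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if tok.startswith("-") and name and (name == "ec" or "encodedcommand".startswith(name)):
            try:  # payload is Base64 over UTF-16LE text
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except ValueError:  # bad Base64 or truncated UTF-16
                return None
    return None

def triage(event):
    """Return the names of the heuristics that fire for one process-creation event."""
    hits = []
    image = PureWindowsPath(event["image"]).name.lower()
    parent = PureWindowsPath(event.get("parent_image", "")).name.lower()
    cmd = event.get("command_line", "")
    if "cs_installer.exe" in (image, parent):  # filename reported in the article
        hits.append("cs_installer_name")
    if image in ("powershell.exe", "pwsh.exe"):
        script = decode_encoded_command(cmd)
        if script is not None:
            hits.append("encoded_powershell")
            # Assumption: a Chrome extension side-load shows up as this Chrome switch.
            if "load-extension" in script.lower():
                hits.append("decoded_chrome_extension_load")
    if image in ("bash", "sh", "zsh") and "private/var/tmp" in cmd:  # macOS drop path
        hits.append("shell_touching_private_var_tmp")
    return hits

def enc_sample(script):  # builds a constructed encoded-command payload for the sample data
    return base64.b64encode(script.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    {"image": r"E:\CS_Installer.exe", "parent_image": r"C:\Windows\explorer.exe", "command_line": r"E:\CS_Installer.exe"},
    {"image": PS, "parent_image": r"E:\CS_Installer.exe",
     "command_line": "powershell.exe -enc " + enc_sample(r'chrome.exe --load-extension="C:\Users\Public\ext"')},
    {"image": "/bin/bash", "parent_image": "/sbin/launchd", "command_line": "bash install.sh /private/var/tmp/ext.zip"},
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe", "command_line": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["image"], "->", triage(ev) or "no hits")
```

The shell heuristic is deliberately broad, since legitimate installers also write under that temporary path; treat its hits as leads to correlate with a recently mounted DMG, not as verdicts.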

ChromeLoader is described as a browser hijacker that can tweak browser settings on the target endpoint, making it show modified search results. By showing fake giveaways, dating sites, or unwanted third-party software, the threat actors earn commission in affiliate programs.

What makes ChromeLoader stand out in a sea of similar browser hijackers is its persistence, volume and infection route, the researchers said.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
