Web browsers increasingly targeted by ChromeLoader malware
Threat actors behind the ChromeLoader browser-hijacking malware have become increasingly active, with detections rising this month, BleepingComputer reports.
Red Canary researchers discovered that ChromeLoader operators have been using a malicious ISO file, disguised as a cracked game or commercial software executable, to compromise targets' devices. Double-clicking the ISO file prompts the deployment of various files, with ChromeLoader using a PowerShell command to retrieve a remote resource archive that is then loaded as an extension in Google Chrome, according to the report. The PowerShell command then deletes scheduled tasks, and a stealthy extension facilitates browser hijacking and search result manipulation. The report also showed ChromeLoader attackers targeting macOS systems in an effort to compromise not only Google Chrome but also Apple's Safari browser.
Despite similar infection chains, attacks targeting macOS systems use DMG files rather than ISO files, as well as an installer bash script in place of the installer executable, researchers said.