ChromeLoader malware rages around the world, attacking both Windows and Mac
This month, ChromeLoader infections have risen sharply after spreading at a steady rate since the beginning of the year, making browser hijacking a widespread threat.
ChromeLoader is a browser hijacker that modifies the victim's web browser settings so that search results promote unwanted software, fake surveys, fake giveaways, adult games and dating sites.
The operators profit from this through affiliate marketing schemes.
Malware of this type is common, but ChromeLoader stands out for its persistence, its scale, and an infection chain that relies on abusing PowerShell.
Abuse of PowerShell
According to Red Canary researchers, who have been monitoring ChromeLoader's activity since February, the operators use a malicious ISO image to infect victims.
The malicious ISO files are typically disguised as cracked software and games so that victims download and run them themselves. There are even advertisements on Twitter for cracked Android games with QR codes that lead directly to a malware download page.
When the user double-clicks the ISO file, Windows mounts it as a virtual CD-ROM drive. The image contains an .exe executable; when run, it launches ChromeLoader and decodes a PowerShell command that fetches an archive from a remote server and loads it as a Google Chrome extension.
Once that is done, PowerShell deletes the scheduled task that infected Chrome with the extension, which then silently hijacks the browser and manipulates search results and other behaviour.
macOS is also attacked
The ChromeLoader operators also target computers running macOS, aiming to manipulate both Chrome and Safari on that platform.
The infection chain on macOS is similar to the one on Windows, but instead of an ISO they use a DMG (Apple Disk Image) file, a format more common on Apple's operating system.
Furthermore, instead of an executable installer, the macOS variant of ChromeLoader uses the installer's bash script to download and extract the ChromeLoader extension into the "private/var/tmp" directory.
To persist for as long as possible, ChromeLoader adds a preferences file ('plist') to the '/Library/LaunchAgents' folder, so that ChromeLoader's bash script runs every time a user logs into a graphical session.
Alternatively, you can also check other browser settings for anything unusual. If suspicious settings are found, reset the browser to its default settings to resolve the problem.
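One way to check for the LaunchAgent persistence described above, as an added example that is not part of the original article or of any vendor's tooling: it parses LaunchAgent plists and flags those that run a shell interpreter on a script staged under a temporary directory. The temp-path fragments, interpreter names, file names and the two sample plists are constructed for this example.

```python
import plistlib
import tempfile
from pathlib import Path
# Pattern from the article: the macOS variant persists via a LaunchAgent plist that runs
# a bash script staged under /private/var/tmp. These fragments are this example's assumptions.
TEMP_DIR_FRAGMENTS = ("/private/var/tmp", "/var/tmp", "/tmp/")
SHELL_INTERPRETERS = {"bash", "sh", "zsh"}
def launch_agent_findings(plist_bytes):
    """Return the reasons a LaunchAgent plist matches the pattern ([] if it looks clean)."""
    try:
        plist = plistlib.loads(plist_bytes)  # parses both XML and binary plists
    except Exception:
        return ["unparseable plist"]
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    findings = []
    if args and Path(args[0]).name in SHELL_INTERPRETERS:
        findings.append("runs a shell interpreter directly")
    if any(frag in arg for arg in args for frag in TEMP_DIR_FRAGMENTS):
        findings.append("references a temporary directory")
    if findings and plist.get("RunAtLoad"):
        findings.append("RunAtLoad is set, so it executes at every login")
    return findings

def scan_launch_agents(directories):
    """Scan *.plist files in the given LaunchAgents folders; return {path: findings}."""
    results = {}
    for directory in directories:
        for path in sorted(Path(directory).glob("*.plist")):
            findings = launch_agent_findings(path.read_bytes())
            if findings:
                results[str(path)] = findings
    return results

# Constructed sample plists (not real ChromeLoader artifacts) for an offline run.
SUSPICIOUS_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.constructed.updater</string>
<key>ProgramArguments</key><array><string>/bin/bash</string><string>/private/var/tmp/update.sh</string></array>
<key>RunAtLoad</key><true/></dict></plist>"""
BENIGN_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.constructed.backup</string>
<key>ProgramArguments</key><array><string>/usr/bin/python3</string><string>/Users/alice/bin/backup.py</string></array>
<key>RunAtLoad</key><true/></dict></plist>"""

def demo_scan():
    """Write both samples to a temp folder and scan it; on a real Mac scan /Library/LaunchAgents and ~/Library/LaunchAgents."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "com.example.constructed.updater.plist").write_bytes(SUSPICIOUS_PLIST)
        Path(tmp, "com.example.constructed.backup.plist").write_bytes(BENIGN_PLIST)
        return scan_launch_agents([tmp])
```

Any hit should be confirmed by reading the referenced script before removal, since legitimate agents can also run shell scripts.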