Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware
2022-07-13 10:14

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting how quickly its feature set has evolved.

Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter and free gaming sites.

While the first Windows variant of ChromeLoader malware was spotted in January, a macOS version of the malware emerged in March to distribute the rogue Chrome extension in the form of disk image files.

A new analysis from Palo Alto Networks Unit 42 indicates that the earliest known attack involving the malware occurred in December 2021 using an AutoHotKey-compiled executable in place of the later-observed ISO files.

"This malware was an executable file written using AutoHotKey - a framework used for scripting automation," Unit 42 researcher Nadav Barak said, adding it was used to drop "Version 1.0" of the browser add-on.

"This malware demonstrates how determined cybercriminals and malware authors can be: In a short time period, the authors of ChromeLoader released multiple different code versions, used multiple programming frameworks, enhanced features, advanced obfuscators, fixed issues, and even added cross-OS support targeting both Windows and macOS," Barak said.


News URL

https://thehackernews.com/2022/07/researchers-uncover-new-variants-of.html