VMware, Microsoft warn of widespread Chromeloader malware attacks (Security News, September 2022)

VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases.
On Friday evening, Microsoft warned about an "ongoing wide-ranging click fraud campaign" attributed to a threat actor tracked as DEV-0796, which uses ChromeLoader to infect victims with various malware.
The ChromeLoader malware is delivered in ISO files that are distributed through malicious ads, browser redirects, and YouTube video comments.
ISO files have become a popular method to distribute malware since Microsoft began blocking Office macros by default.
ChromeLoader ISOs commonly contain four files: a ZIP archive containing the malware, an icon file, a batch file that installs the malware, and a Windows shortcut (.lnk) that launches the batch file.
As part of its research, VMware has sampled at least ten ChromeLoader variants since the start of the year, with the most interesting ones appearing after August.