ChromeLoader, what took you so long? Malvertising irritant now slings ransomware
The Windows port of ChromeLoader is typically delivered in ISO image files that marks are tricked into downloading, opening, and running. These ISO files purport to be installation media for sought-after applications, such as cracked games and software suites.
In reality, the image files contain an executable that schedules a PowerShell script that brings up ChromeLoader proper.
As you can tell from the name, ChromeLoader targets Google's browser.
The first Windows variants of ChromeLoader were spotted in the wild in January 2022 and a macOS port in March.
Interestingly, Palo Alto Networks' Unit 42 threat intelligence group said in a July report that it clocked a variant of ChromeLoader that was built using the AutoHotkey scripting tool and distributed as an AHK file, as opposed to an ISO. Mac versions were pushed as DMG files.
The VMware team said it considers ChromeLoader "pesky adware." Given the evolution of the malware in recent months, it's expected that miscreants will continue to make use of it.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/21/vmware_microsoft_chromeloader_threat/