A new version of the infamous browser extension aka ‘shampoo’ is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms☝️👩‍💻 #chromeloader #hacking

https://www.darkreading.com/endpoint/-shampoo-chromeloader-variant-difficult-wash-out?utm_content=buffer8bcdc&utm_medium=social&utm_source=bufferapp.com&utm_campaign=buffer

'Shampoo' ChromeLoader Variant Difficult to Wash Out

A new version of the infamous browser extension is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms.

Dark Reading

HP: Threat actors are hijacking users’ Chrome browsers when downloading from pirating sites

While pirating sites might look appealing, they have more than just good files that can be downloaded.

#technews #malware #chromeloader #hp

https://techaeris.com/2023/06/14/hp-threat-actors-are-hijacking-users-chrome-browsers-when-downloading-from-pirating-sites/

Techaeris

Sophos MDR has observed quite the uptick in #chromeloader infections. We found one instance where the infection stemmed from a fake YouTube Video Downloader site.

🔎 Google search: download youtube video
➡️ User lands on hxxps://10downloader[.]com/en/51
➡️ User attempts to download a specific video
➡️ Redirection to hxxps://heinndoorh[.]com
➡️ Redirection to hxxps://llyighaboveth[.]com
➡️ Redirection to hxxps://adtwobrightsa[.]info/12557074
⬇️ Downloads the sample Your File Is Ready To Download.exe

This often leads to the creation of a schtask such as \chrome display, \chrome disp, \chrome profile, and many more.

Encoded PowerShell is invoked to create a registry key under HKCU:\Software\ with various paths such as:

  • AudioConverterStudio
  • FoxitSoftware
  • KCSoftwares
  • DTSoft
  • BinaryFortressSoftware

#threatintel
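The chain above ends in two host artifacts that are easy to hunt for: a scheduled task whose name starts with "chrome " and a key under HKCU:\Software with one of the listed vendor-looking names. The script below is an added example, not code from the Sophos post; it takes the task names and key names from the post and assumes, for illustration, a "chrome " prefix match on task names, decoding of any -e/-enc/-EncodedCommand argument in the task action, and its own High/Medium/Low labels.

```powershell
# Added hunt script for the artifacts in the Sophos MDR post above; it is not
# the poster's code. The task names and the HKCU:\Software key names come from
# the post. The "chrome " prefix match, the -EncodedCommand decoding and the
# severity labels are this example's own assumptions.

$SuspectKeyNames = @(
    'AudioConverterStudio', 'FoxitSoftware', 'KCSoftwares', 'DTSoft', 'BinaryFortressSoftware'
)

function ConvertFrom-EncodedCommandArgs {
    # If an argument string carries -e / -enc / -EncodedCommand <base64>, return the
    # decoded script (PowerShell encodes it as UTF-16LE); otherwise return $null.
    param([string]$Arguments)
    if ($Arguments -match '(^|\s)-e(nc(odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})') {
        try   { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[4])) }
        catch { return '<base64 decode failed>' }
    }
    return $null
}

function Get-ChromeLoaderTaskFindings {
    # One record per action of every scheduled task whose name starts with "chrome "
    # (the post lists \chrome display, \chrome disp, \chrome profile "and many more").
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -match '^chrome\s' } |
        ForEach-Object {
            $task = $_
            foreach ($action in $task.Actions) {
                $decoded = ConvertFrom-EncodedCommandArgs -Arguments $action.Arguments
                # Strongest signal on the page: encoded PowerShell that names one of the keys.
                $touchesKey = $false
                if ($decoded) {
                    foreach ($k in $SuspectKeyNames) {
                        if ($decoded -match [regex]::Escape($k)) { $touchesKey = $true }
                    }
                }
                $severity = if ($touchesKey) { 'High' } elseif ($decoded) { 'Medium' } else { 'Low' }
                [pscustomobject]@{
                    Kind      = 'ScheduledTask'
                    Name      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                    Decoded   = $decoded
                    Severity  = $severity
                }
            }
        }
}

function Get-ChromeLoaderRegistryFindings {
    # Lists the named HKCU:\Software keys, with their values, for triage.
    foreach ($name in $SuspectKeyNames) {
        $path = 'HKCU:\Software\' + $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        $values = foreach ($v in $key.GetValueNames()) {
            $data = [string]$key.GetValue($v)
            if ($data.Length -gt 120) { $data = $data.Substring(0, 120) + '...' }
            '{0}={1}' -f $v, $data
        }
        [pscustomobject]@{
            Kind        = 'RegistryKey'
            Name        = $path
            SubKeyCount = $key.SubKeyCount
            Values      = ($values -join '; ')
        }
    }
}

$findings = @(Get-ChromeLoaderTaskFindings) + @(Get-ChromeLoaderRegistryFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No ChromeLoader task or registry artifacts from the post found on this host.'
} else {
    $findings | Sort-Object Kind, Name | Format-List
}
```

Two caveats when reading the output. First, FoxitSoftware, KCSoftwares, DTSoft and BinaryFortressSoftware are also key names that legitimate installers (Foxit Reader, DisplayFusion and similar) create, so a key on its own is weak evidence; the combination the post describes, a "chrome *" task whose action runs encoded PowerShell that references one of those key names, is what the High label tracks. Second, HKCU: only covers the user running the script; to sweep other profiles on a shared host, enumerate HKU:\<SID>\Software instead, or load the offline NTUSER.DAT hives.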

📣 #ChromeLoader, which was formerly discovered lurking within fake #VPN and antivirus, has now expanded its reach to encompass well-known games and utility software.

Read: https://www.hackread.com/roblox-nintendo-chromeloader-malwar/

#Security #Malware #Gaming #Roblox #Nintendo #cybersecurity

Fake ROBLOX and Nintendo game cracks drop ChromeLoader malware

HackRead | Latest Cybersecurity and Hacking News Site

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center (ASEC) recently uncovered a malware campaign distributing ChromeLoader using VHD files. ChromeLoader is a malicious Chrome browser extension; it is classified as a pervasive browser hijacker that modifies browser settings to redirect user traffic. […]

Security Affairs

You Should Skip This PC Game Download

Behind more than a few downloads of popular PC and Nintendo Switch games that turn up via Google lurks malware.

Tarnkappe.info

Day 1️⃣​0️⃣​ of #100DaysOfYara: macOS Browser Hijacker Scripts🍎​
🔗​ https://github.com/colincowie/100DaysOfYara_2023/blob/main/January/010/010.md

Background on these macOS malware scripts used by #ChromeLoader aka #ChoziosiLoader:
📖​ https://redcanary.com/blog/chromeloader/
📖​ https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
📖​ https://www.th3protocol.com/2022/Choziosi-Loader

Today's rule did a nice job of detecting the historical ChromeLoader scripts. A more generic YARA rule for identifying .command script abuse would potentially be pretty interesting!

100DaysOfYara_2023/010.md at main · colincowie/100DaysOfYara_2023

#100DaysOfYara is a challenge in which participants aim to create 100 Yara rules over the course of 100 days. This could involve creating new rules to identify previously unknown malware, or updati...

GitHub

Tech Wrap-Up for Week #29, the top 10 stories by user engagement. New #ChromeLoader variant, #CloudMensis #spyware plagues #Macs, #Windows11 blocks RDP brute-force attacks, #Chrome #security update, easy #Android secure #DNS, & more in this week's wrap-up. https://www.techhelpkb.com/tech-wrap-up-week-29-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup

Tech Wrap-Up Week 29 2022 | Tech Help Knowledgebase

Tech Wrap-Up Week 29 2022. New ChromeLoader variant, CloudMensis spyware plagues Macs, Windows 11 blocks RDP brute-force attacks, Chrome security update, and more.

Tech Help Knowledgebase

Tech Wrap-Up for July 20, which is #MoonDay. New #ChromeLoader variant, #CloudMensis #spyware plagues #Macs, easy #Android secure #DNS, new #Microsoft365 dash in #Edge, best #browser of 2022, and #Chrome 103 updated, all in today's wrap-up. https://www.techhelpkb.com/tech-wrap-up-7-20-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup

Tech Wrap-Up 7-20-2022 | Tech Help Knowledgebase

Tech Wrap-Up 7-20-2022. New ChromeLoader variant, CloudMensis spyware plagues Macs, easy Android secure DNS, new Microsoft 365 dashboard in Edge, and more.

Tech Help Knowledgebase

Researchers Uncovered New Variants of the #ChromeLoader #Malware. Since December 2021, a total of four #ChromeLoader versions have been found. Users must understand the need for #security software, keep their systems in check, and run regular scans to avoid #ChromeLoader #attacks.
https://cyware.com/news/researchers-uncovered-new-variants-of-the-chromeloader-malware-f382ff70/?&web_view=true

Researchers Uncovered New Variants of the ChromeLoader Malware

New variants of the ChromeLoader infostealer were identified by Palo Alto Networks Unit 42, indicating the quick evolution of the malware in a short span of time.

Cyware