Malicious Software Generating Fake Search Results Is Spreading Online, Beware!

TECH NEWS – Cybersecurity experts are seeing an increase in victims of the ChromeLoader malware.

 

Researchers at Red Canary have noticed an increase in ChromeLoader activity since the beginning of the year. This malware can completely take control of your browser and manipulate search results to trick you into clicking through to a network of dubious, malicious sites, and it can potentially steal your user data.

This nasty little piece of malware is called a browser hijacker. It changes the user’s browser settings to display search results and ads for fake sites, surveys and even adult games on both Windows PCs and macOS. Despite its name, ChromeLoader affects Apple Safari as well as Google Chrome.

According to Red Canary’s research, ChromeLoader infiltrates most systems via a malicious ISO archive file, which is disguised as a cracked executable of a computer game or commercial software and distributed via torrent sites. In addition, QR codes in Twitter posts promoting cracked Android games contain links to ChromeLoader distribution sites.

In most cases, after being infected with the browser hijacker, the user is redirected to a series of bad sites, usually part of an affiliate network. Each visit to one of these sites generates revenue for the malware creator. ChromeLoader does this and more.

According to Red Canary, “ChromeLoader uses PowerShell to inject itself into the browser and add a malicious extension, a technique we don’t see very often (and which is often overlooked by other security tools)”.

Red Canary goes on to outline the worst-case scenario for this type of malware: “When applied to a higher-impact threat – such as a credential harvester or spyware – this PowerShell behavior can help malware gain an initial foothold and go undetected before it can perform overtly malicious activity, such as leaking data from a user’s browser sessions.”
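A defender-side sketch of how the PowerShell behaviour quoted above could be surfaced in process-creation telemetry; it is an added example, not Red Canary's detection logic or code from the article. It assumes the extension is side-loaded through Chrome's `--load-extension` command-line switch (the article does not say how), and the event fields, paths and sample events are constructed.

```python
import re

# Constructed process-creation events; paths and folder names are made up.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --load-extension="C:\Users\alice\AppData\Local\chrome\ext_example"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --profile-directory=Default'},
    {"parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\System32\whoami.exe",
     "cmdline": "whoami"},
    {"parent": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --load-extension="C:\dev\my-extension"'},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
BROWSERS = {"chrome.exe"}
# Assumption: the extension is loaded via Chrome's --load-extension switch.
LOAD_EXT = re.compile(r'--load-extension(?:=|\s+)(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()

def classify(event):
    """Return (severity, extension_path) for a suspicious browser launch, else None."""
    if basename(event["image"]) not in BROWSERS:
        return None
    match = LOAD_EXT.search(event["cmdline"])
    if not match:
        return None
    ext_path = match.group(1) or match.group(2)
    # A shell starting the browser with an unpacked extension is the rare case;
    # the same switch from a developer tool is only worth a manual look.
    severity = "high" if basename(event["parent"]) in SHELLS else "review"
    return (severity, ext_path)

def detect(events):
    """Return (event_index, severity, extension_path) for every hit."""
    return [(i, *hit) for i, e in enumerate(events) if (hit := classify(e))]

if __name__ == "__main__":
    for index, severity, ext_path in detect(SAMPLE_EVENTS):
        print(f"event {index}: {severity}: browser started with extension {ext_path}")
```
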

On Mac computers, ChromeLoader works in a similar way: after the user double-clicks the DMG file, the installer script takes over and the malicious browser extension starts to do its thing.

The best advice we can give is that if you frequently visit torrent sites, be extra careful when clicking on any links and don’t open executables that you don’t recognise. And if you see an advert for a hacked version of Cyberpunk 2077, don’t click on it.

Source: Red Canary

BadSector has been a journalist for more than twenty years. He communicates in English, Hungarian and French. He worked for several gaming magazines, including the Hungarian GameStar, where he worked for 8 years as editor.
