Be on the lookout for ChromeLoader, malware that takes control of your browser and manipulates your search results to entice you to click on dodgy links in an attempt to steal your user data. ChromeLoader is known as a “browser hijacker”, and its purpose is in the name – to hijack your browser and push you towards particularly dangerous links.
ChromeLoader changes the user’s browser settings to swap out legitimate search results for adverts for bogus links, surveys and other harmful content, which is then used to steal your data. Don’t be fooled by the name ChromeLoader into thinking that this doesn’t affect Apple, as iOS is just as vulnerable.
The warning comes after researchers at RedCanary noticed an increase in activity since the start of the year. ChromeLoader works its way into systems through a malicious ISO file, which is usually disguised as an executable file that is part of commercial software or a video game distributed through torrent sites. Furthermore, QR codes in Twitter posts that promote cracked Android games have also been found to contain malicious software.
After the software has been installed, the user is directed to an affiliate network of malicious sites that funnel revenue and data to the creator. RedCanary further mentions that “ChromeLoader uses PowerShell to inject itself into the browser and add a malicious extension to it, a technique we don’t see very often (and one that often goes undetected by other security tools).”
“If applied to a higher-impact threat—such as a credential harvester or spyware—this PowerShell behavior could help malware gain an initial foothold and go undetected before performing more overtly malicious activity, like exfiltrating data from a user’s browser sessions.”
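For defenders, the PowerShell behaviour quoted above can be hunted in process-creation telemetry. The sketch below is an added example, not code from RedCanary or from this article. It assumes the extension is side-loaded with Chrome's `--load-extension` command-line switch, which the article does not state, and the event field names and sample events are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

POWERSHELL = {"powershell.exe", "pwsh.exe"}
BROWSERS = {"chrome.exe"}
# --load-extension is Chrome's switch for loading an unpacked extension from disk.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def find_sideloads(events):
    """Return (pid, extension_path) for each browser process that PowerShell
    started with an unpacked extension on its command line."""
    hits = []
    for ev in events:
        parent = basename(ev["parent_image"]).lower()
        child = basename(ev["image"]).lower()
        match = LOAD_EXT.search(ev["command_line"])
        if parent in POWERSHELL and child in BROWSERS and match:
            hits.append((ev["pid"], match.group(1) or match.group(2)))
    return hits

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    # Normal launch by the user from the desktop shell.
    {"pid": 3001, "parent_image": r"C:\Windows\explorer.exe", "image": CHROME,
     "command_line": '"' + CHROME + '"'},
    # PowerShell starts Chrome with an unpacked extension from a user-writable path.
    {"pid": 4120, "parent_image": PS, "image": CHROME,
     "command_line": '"' + CHROME + '" --load-extension='
                     r'"C:\Users\alice\AppData\Local\chrome_example"'},
    # PowerShell opens a URL in Chrome with no extension switch: not flagged.
    {"pid": 4388, "parent_image": PS, "image": CHROME,
     "command_line": '"' + CHROME + '" https://intranet.example/'},
    # Extension loaded, but not by PowerShell: out of scope for this rule.
    {"pid": 5012, "parent_image": r"C:\Windows\explorer.exe", "image": CHROME,
     "command_line": '"' + CHROME + r'" --load-extension=C:\dev\my-ext'},
]

if __name__ == "__main__":
    for pid, path in find_sideloads(SAMPLE_EVENTS):
        print(f"pid {pid}: PowerShell launched browser with extension {path}")
```

Extension developers who launch Chrome from a PowerShell prompt will also match, so hits need triage rather than automatic blocking.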
The best safety measure to take here is to be incredibly cautious if you do visit torrent sites and to pay close attention to which programs you are executing. As they always say, prevention is better than cure.