2023-02-28

We have seen a new malware attack by a threat called Chrome Loader being distributed via virtual hard disk (VHD) files, a departure from the ISO optical disc image format.

“These VHD files are distributed under names that make them look like hacks or cracks for Nintendo and Steam games,” declared the AhnLab Security Emergency Response Center (ASEC) in a report last week.

Chrome Loader (also known as Choziosi Loader or ChromeBack) originally appeared out of nowhere in January 2022 as a browser hijacker (redirecting URLs) and credential-stealing malware, but has since evolved into a more powerful and multifaceted threat, capable of stealing sensitive data, spreading dangerous ransomware and even dropping decompression “bombs” (ZIP bombs).

What are the targets of ChromeLoader malware and how does it work?

The main aim of this malware is to compromise web browsers such as Google Chrome (hence the name ChromeLoader) and modify browser settings to intercept traffic and redirect it to dubious advertising websites; among other things, the ChromeLoader malware has emerged as a means of performing click fraud, using a browser extension to monetize clicks.

Misleading advertising banners are probably exploited as well (one of the oldest techniques on the internet): this is why an ad blocker has become necessary for one’s online security, but that deserves to be covered elsewhere.

Since it was discovered, the malware has undergone multiple versions, many of which have the ability to breach both Windows and macOS systems. The move to VHD files is yet another sign that the campaign has undergone a lot of changes in recent months.
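Because the lure depends on the user treating a VHD as an ordinary download, a defender triaging downloads should identify disk images by content rather than by file extension. The following is an added example, not code from the article or from ASEC; it relies on two public format facts (the 512-byte VHD footer that begins with the cookie `conectix` and carries the disk type at offset 60, and the `CD001` identifier at byte 0x8001 of an ISO 9660 image). The sample images, the `triage_download` helper and its lure-keyword list are constructed here for illustration.

```python
import struct
from typing import Dict, List

# Public VHD footer layout: 512 bytes, big-endian, starting with the "conectix" cookie.
VHD_COOKIE = b"conectix"
VHD_FOOTER_SIZE = 512
VHD_DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

# Public ISO 9660 layout: the primary volume descriptor sits at sector 16 (0x8000),
# and its identifier "CD001" starts one byte in.
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 0x8001

# Constructed triage list of words seen in game-crack lures (assumption, not from the page).
LURE_KEYWORDS = ("crack", "hack", "cheat", "keygen")


def parse_vhd_footer(footer: bytes) -> Dict[str, object]:
    """Decode the fields of a VHD footer that matter for triage."""
    if len(footer) != VHD_FOOTER_SIZE or footer[:8] != VHD_COOKIE:
        raise ValueError("not a VHD footer")
    current_size = struct.unpack(">Q", footer[48:56])[0]   # current virtual disk size
    disk_type = struct.unpack(">I", footer[60:64])[0]      # 2 fixed, 3 dynamic, 4 differencing
    creator_app = footer[28:32].decode("ascii", "replace").strip("\x00 ")
    return {
        "format": "vhd",
        "disk_type": VHD_DISK_TYPES.get(disk_type, f"unknown({disk_type})"),
        "current_size": current_size,
        "creator_app": creator_app,
    }


def identify_disk_image(data: bytes) -> Dict[str, object]:
    """Classify raw bytes as VHD, ISO, or unknown, ignoring the file name entirely."""
    if len(data) >= VHD_FOOTER_SIZE:
        # Fixed VHDs keep the footer only at the end; dynamic and differencing
        # VHDs also keep a copy at offset 0, so both places are checked.
        for footer in (data[-VHD_FOOTER_SIZE:], data[:VHD_FOOTER_SIZE]):
            if footer[:8] == VHD_COOKIE:
                return parse_vhd_footer(footer)
    end = ISO_MAGIC_OFFSET + len(ISO_MAGIC)
    if len(data) >= end and data[ISO_MAGIC_OFFSET:end] == ISO_MAGIC:
        return {"format": "iso"}
    return {"format": "unknown"}


def triage_download(filename: str, data: bytes) -> List[str]:
    """Return human-readable reasons a downloaded file deserves a closer look."""
    reasons: List[str] = []
    info = identify_disk_image(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if info["format"] != "unknown":
        reasons.append(f"disk image ({info['format']}) downloaded from the web")
        if ext not in ("vhd", "vhdx", "iso"):
            reasons.append(f"disk-image content behind a .{ext or '(none)'} extension")
    hits = [k for k in LURE_KEYWORDS if k in filename.lower()]
    if hits:
        reasons.append("lure keywords in filename: " + ", ".join(hits))
    return reasons


def make_sample_vhd() -> bytes:
    """Constructed minimal fixed VHD: 4 KiB of payload followed by a valid footer."""
    footer = bytearray(VHD_FOOTER_SIZE)
    footer[0:8] = VHD_COOKIE
    footer[28:32] = b"win "                               # creator application
    struct.pack_into(">Q", footer, 48, 3 * 1024 * 1024)   # current size: 3 MiB
    struct.pack_into(">I", footer, 60, 2)                 # disk type: fixed
    return b"\x00" * 4096 + bytes(footer)


def make_sample_iso() -> bytes:
    """Constructed minimal ISO 9660 image with only the volume descriptor identifier set."""
    image = bytearray(ISO_MAGIC_OFFSET + 2048)
    image[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    return bytes(image)


if __name__ == "__main__":
    for name, blob in (("EldenRing_crack.vhd", make_sample_vhd()),
                       ("setup.exe", make_sample_iso()),
                       ("readme.txt", b"plain text")):
        print(name, identify_disk_image(blob), triage_download(name, blob))
```

The classification keys on magic bytes, so a VHD renamed to look like an installer is still flagged; the keyword check is only a secondary signal and would be tuned to whatever an organisation actually sees in its download logs.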

Analysis of the infection chain indicates that the main targets are users looking for pirated software and cheats for video games, which leads them to download VHD files from fraudulent sites that appear on search results pages.

Some of the popular game titles used are Elden Ring, Dark Souls III, Red Dead Redemption 2, Need for Speed, Call of Duty, The Legend of Zelda: Breath of the Wild, Mario Kart 8 Deluxe and Super Mario Odyssey; popular programs such as Microsoft Office and Adobe Photoshop are used as well.

“Downloading a VHD file through this process can make it appear to the user that the VHD file is a game-related program,” said the ASEC researchers. “Disguising malware as game hacks and crack programs is a method employed by many threat actors.”

To avoid such risks, users are advised not to follow suspicious links and to download software from official sources only.

The ChromeLoader malware has been adapted to bypass security mechanisms and attack users via VHD files disguised as game hacks and cracks; this shows how cyberthreats keep evolving and why it is important to keep your devices protected and to follow safe web browsing practices.

To protect against attacks of this type, users should avoid looking for pirated software and download only from official sources. It is also important to keep anti-virus and anti-malware software up to date and to maintain good computer habits; doing so reduces the risk of malware infections and of theft of personal and financial data.

If antivirus and antimalware have no effect, here is a video tutorial explaining how to remove ChromeLoader: