MALVERTISER- advertising malware

Aditi Sharma

May 25, 2022

After a relatively stable presence since the start of this year, the ChromeLoader malware is seeing a rise in detection, posing a widespread threat. The malware can alter a user's web browser history and promote unwanted content from which the attacker stands to receive financial gain by redirecting user traffic to advertising sites. What makes ChromeLoader stand out apart from its widespread nature is the abuse of PowerShell.A malicious ISO archive file posing as a cracked version file for a game or software that the victims are likely to download on their computers through malicious sites. These files also contain an executable with names such as "CS_installer.exe" pretending to be a legit file. Then the ChromeLoader executes and decodes the PowerShell command that fetches an archive from a remote source and loads it as a chrome extension which manipulates the search engine results. Apart from windows, the malware is also capable of attacking macOS, targeting both chrome and safari browsers. The infection is transmitted similarly, but a DMG file is used instead of an ISO file. The macOS variant uses an installer bash script that decompresses the ChromeLoader into the "private/var/tmp" directory.

Abridged fromBleepingComputer