Security companies have reported a noticeable rise in a particular brand of Chrome malware. The so-called ‘ChromeLoader malware’ has apparently made a significant return and we all need to be aware.
The ChromeLoader malware, officially called Choziosi Loader, is spread through infected downloads and has been spotted frequently in cracked game ISOs and in social media posts with QR codes that lead to pirated content.
The malware isn’t too destructive but it is incredibly annoying.
It hijacks your browser and redirects you to advertising websites. While it is relatively harmless, the nature of malware means it can be modified at any time to do more damage.
The malware is particularly effective at leveraging PowerShell in Windows to inject itself as a Chrome addon.
However, another version has been found working on Mac computers, so nobody is safe right now.
The malware has been spotted inside cracked ISOs, cracks for games and in Twitter posts advertising cracked games. The posts include a QR code that takes you directly to the website to grab the file.
Once activated, the malware will install itself as a Chrome extension and will remove all traces of its installation, including the usual giveaway, the scheduled task within Windows.
This makes it very difficult to find without a malware scanner.
macOS is also being targeted with a version using the DMG disk image format. It will install as either a Chrome or Safari extension and redirect traffic.
We don’t judge, but if you download cracked or pirated content, you need to be careful on so many levels. This malware is one of many you’re susceptible to, so you need to be aware.
Use a malware scanner regularly and make sure to keep the scanner updated. Malwarebytes, for example, has updated itself to track ChromeLoader malware.
We presume other malware scanners have done the same thing, but check, don’t assume.
Check Chrome for any extensions you don’t recognize and remove or disable them. Then perform a full malware scan.
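To make the extension check above easier, here is an added example (not from the original article or any vendor) that lists every extension stored in your Chrome profiles, with its ID, readable name and requested permissions. The profile paths are the standard default install locations and are an assumption; adjust them if Chrome is installed elsewhere.

```python
import json
import os
import sys
from pathlib import Path

def chrome_user_data_dir():
    """Default Chrome user-data folder per OS (assumed standard install paths)."""
    if sys.platform.startswith("win"):
        return Path(os.environ["LOCALAPPDATA"]) / "Google" / "Chrome" / "User Data"
    if sys.platform == "darwin":
        return Path.home() / "Library" / "Application Support" / "Google" / "Chrome"
    return Path.home() / ".config" / "google-chrome"

def resolve_name(version_dir, manifest):
    """Turn a '__MSG_key__' placeholder into text using the extension's _locales files."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is missing or broken
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name

def list_extensions(user_data_dir):
    """Return one record per extension version found in any profile."""
    found = []
    # Layout: <user data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for manifest_path in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # still report the folder so it can be inspected by hand
        found.append({
            "profile": version_dir.parents[2].name,
            "id": version_dir.parent.name,
            "name": resolve_name(version_dir, manifest) or "(unreadable manifest)",
            "version": manifest.get("version", "?"),
            "permissions": manifest.get("permissions", []) + manifest.get("host_permissions", []),
        })
    return found

if __name__ == "__main__":
    for ext in list_extensions(chrome_user_data_dir()):
        print(f"{ext['profile']:<12} {ext['id']}  {ext['name']} {ext['version']}  {ext['permissions']}")
```

Compare the output with what you remember installing and look up any ID you don't recognize. Extensions loaded unpacked from another folder are not stored in the profile's Extensions directory, so the full malware scan is still needed.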