Detections of the ChromeLoader malware are rising this month after a relatively stable volume since the start of the year, making the browser hijacker a widespread threat.
ChromeLoader is a browser hijacker that can modify the victim’s web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites.
The malware’s operators profit through affiliate marketing by redirecting user traffic to advertising sites.
There are many hijackers of this kind, but ChromeLoader stands out for its persistence, volume, and infection route, which involves the aggressive use of PowerShell.
macOS targeted too
The operators of ChromeLoader also target macOS systems, looking to manipulate both Chrome and Apple’s Safari web browsers.
The infection chain on macOS is similar, but instead of ISO, the threat actors use DMG (Apple Disk Image) files, a more common format on that OS.
Moreover, instead of the installer executable, the macOS variant uses an installer bash script that downloads and decompresses the ChromeLoader extension into the “private/var/tmp” directory.
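A defender-side check for the macOS behaviour described above, added here as an example and not taken from the original article: it walks a directory and reports any unpacked browser extension, identified by a manifest.json that contains manifest_version. The default root is the temp path the article names, written as the absolute path /private/var/tmp (an assumption); the function names and the sample tree are constructed for illustration.

```python
import json
import os
import tempfile

# Assumption: absolute form of the temp path named in the article.
DEFAULT_ROOT = "/private/var/tmp"

def find_unpacked_extensions(root=DEFAULT_ROOT, max_depth=4):
    """Return one dict per unpacked browser extension found under root."""
    findings = []
    root = os.path.abspath(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        rel = os.path.relpath(dirpath, root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        if depth >= max_depth:
            dirnames[:] = []  # stop descending, still inspect this directory
        if "manifest.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not JSON, so not an extension manifest
        if not isinstance(manifest, dict) or "manifest_version" not in manifest:
            continue  # some other tool's manifest.json
        perms = manifest.get("permissions")
        if not isinstance(perms, list):
            perms = []
        findings.append({
            "dir": dirpath,
            "name": manifest.get("name"),
            "version": manifest.get("version"),
            "permissions": sorted(p for p in perms if isinstance(p, str)),
        })
    return findings

def demo():
    """Scan a constructed sample tree (benign files created in a temp dir)."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = os.path.join(tmp, "unpacked", "ext")
        os.makedirs(ext)
        with open(os.path.join(ext, "manifest.json"), "w") as fh:
            json.dump({"manifest_version": 2, "name": "Sample", "version": "1.0",
                       "permissions": ["webRequest", "tabs"]}, fh)
        os.makedirs(os.path.join(tmp, "pkg"))
        with open(os.path.join(tmp, "pkg", "manifest.json"), "w") as fh:
            fh.write("{not json")  # decoy: must be skipped, not crash the scan
        return find_unpacked_extensions(tmp)

if __name__ == "__main__":
    for hit in find_unpacked_extensions():
        print(hit)
```

A hit is a lead to triage, not a verdict: legitimate developer tooling can also leave unpacked extensions in temp directories.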
The IT industry is taking another big step toward embracing password-less technology. Three major companies—Apple, Google, and Microsoft—are adopting a new login system that ditches passwords and relies on your smartphone or laptop to authenticate your sign-ins.
“This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password,” Google said in the announcement. “These capabilities will be available over the course of the coming year.”
Google has been among the vendors pushing the tech industry to drop passwords for simpler, more secure ways to grant login access. To do so, the company has been using the smartphone as a way to authenticate a user’s login. Rather than type in a password, you can simply go to your phone and unlock access to the internet account on your PC. From there, the Android phone can sign an authentication request via Bluetooth to the PC, logging you in.
The problem is that current password-less approaches don’t always work from one hardware platform to another. Functionality can also be lost if you’re signing in from a new device.
To fix this, Apple, Google, and Microsoft plan on adopting an upgraded password-less login method called “multi-device FIDO credential,” which is designed to work across platforms.
The system comes from the FIDO Alliance, a consortium of companies that have been working on standards and protocols around dropping passwords. “Until now, users were required to enroll their FIDO credentials for each service on each new device, typically with a password for that first sign-in. With multi-device FIDO credentials, the credentials are available to users whenever they need them—even if they replace their device,” the Alliance said.