The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijack to become a widespread threat.
ChromeLoader is a browser hijacker that can modify the victim’s web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites.
The malware’s operators receive financial gains through a system of marketing affiliation by redirecting user traffic to advertising sites.
There are many hijackers of this kind, but ChromeLoader stands out for its persistence, volume, and infection route, which involves the aggressive use of PowerShell.
macOS targeted too
The operators of ChromeLoader also target macOS systems, looking to manipulate both Chrome and Apple’s Safari web browsers.
The infection chain on macOS is similar, but instead of ISO, the threat actors use DMG (Apple Disk Image) files, a more common format on that OS.
Moreover, instead of the installer executable, the macOS variant uses an installer bash script that downloads and decompresses the ChromeLoader extension onto the “private/var/tmp” directory.
Credit Story Bleeping Computer