ChromeLoader was first analyzed by x3ph, and later dubbed Choziosi loader by G-Data researchers. This malware is designed to install malicious extension(s) onto browsers. Currently, two distinct variants of ChromeLoader have been detected - one targeting Windows Operating Systems and another targeting Mac Operating Systems. It is noteworthy that this piece of malicious software has been actively spread through Twitter in the form of QR codes promoting pirated software (predominantly video games) and media (movies/TV).

As mentioned in the introduction, ChromeLoader is intended to install malicious extensions onto browsers. The observed infection chain began with Tweets (Twitter posts) advertising pirated content through QR codes (presented in meme format) that tricked victims into downloading an ISO file. G-Data researchers performed an in-depth analysis of this loader and the malicious extension. Their research uncovered that the ISO file consists of two components - "_meta.txt" and "downloader.exe"; the former contains an encrypted PowerShell script, while the latter is used to decrypt it.

The PowerShell script creates a task titled "ChromeTask" (may vary), which is scheduled to run every ten minutes. The PowerShell script also downloads the malicious Google Chrome browser extension "archive.zip". However, due to the task repetition, some victims of this malware have reported that their Chrome browsers continuously close themselves (an oversight that likely encourages swifter detection of ChromeLoader).
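Because the task name may vary, a check for this persistence should not rely on "ChromeTask" alone. The following is an added example, not code from this article or from G-Data: it triages task definitions in Task Scheduler XML form for the two traits reported above, the task name and the ten-minute repetition. The function names and sample tasks are constructed for illustration, and a ten-minute interval on its own is only a lead to review, since legitimate tasks can share it.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TEN_MINUTES = 600  # seconds; the repetition interval reported in the article


def interval_seconds(iso):
    """Convert a duration such as PT10M, PT600S or PT1H to seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?",
                     iso.strip())
    if not m:
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def triage(task_xml):
    """Return which reported traits ('name', 'interval') a task matches."""
    root = ET.fromstring(task_xml)
    reasons = []
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    if "chrometask" in uri.lower():
        reasons.append("name")
    # Any trigger type may carry a Repetition block, hence the wildcard.
    for node in root.iterfind("t:Triggers/*/t:Repetition/t:Interval", NS):
        if interval_seconds(node.text or "") == TEN_MINUTES:
            reasons.append("interval")
            break
    return reasons


def sample(uri, interval):
    """Build a minimal task definition (constructed input, not a real export)."""
    return (f'<Task xmlns="{NS["t"]}"><RegistrationInfo><URI>{uri}</URI>'
            f'</RegistrationInfo><Triggers><TimeTrigger><Repetition>'
            f'<Interval>{interval}</Interval></Repetition></TimeTrigger>'
            f'</Triggers></Task>')


if __name__ == "__main__":
    for uri, interval in [(r"\ChromeTask", "PT10M"),   # name and interval
                          (r"\Updater7", "PT600S"),    # renamed, same interval
                          (r"\NightlyBackup", "PT1H")]:  # unrelated task
        print(uri, triage(sample(uri, interval)))
```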