
ChromeLoader Operators Hide Malware in VHD Files for Game Cracks

The ChromeLoader browser hijacking malware has recently changed its distribution tactics. Previously, the malware was pushed through websites promoting fake giveaways, unwanted software, surveys, adult games, and dating sites. Lately, it has been found using malicious VHD files disguised as popular games to trick users into downloading the malware.

More in detail

ASEC security researchers have discovered a steady rise in the use of disk image files, such as ISO and VHD, to distribute ChromeLoader browser hijacking malware.
  • In the ongoing campaign, the malicious VHD files are made to look like hacks or cracks for Nintendo and Steam games, including Call of Duty, Need for Speed, Portal 2, Minecraft, Legend of Zelda, Pokemon, Mario Kart, Animal Crossing, and Dark Souls 3.
  • Users searching for these cracks are redirected through a network of malvertising sites that distribute the VHD file, which in turn installs the ChromeLoader browser extension.
  • ChromeLoader hijacks browser searches to show advertisements, and later modifies browser settings and collects credentials and browser data.
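Because ChromeLoader ends up as a sideloaded browser extension rather than a Chrome Web Store install, a practical host-side check is to inspect the extension registry in a Chrome profile's Preferences / Secure Preferences file and flag anything that did not come through the Web Store. The script below is an added example, not code from the original article or from ASEC; the sample registry it parses is constructed, the extension IDs in it are fictitious, and the `location` codes follow Chromium's Manifest::Location enum (4 = unpacked, 5 = component, 8 = command line).

```python
"""Flag Chrome extensions that were not installed from the Chrome Web Store.

Added detection example for browser hijackers such as ChromeLoader.  The
extension registry lives under extensions.settings.<id> in a profile's
'Secure Preferences' (or 'Preferences') JSON file.  The sample below is a
constructed, trimmed version of that structure with fictitious extension IDs.
"""
from __future__ import annotations

import json
from pathlib import Path

# Update URL every genuine Chrome Web Store extension carries in its manifest.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Chromium Manifest::Location values that mean the extension was sideloaded.
SUSPICIOUS_LOCATIONS = {4: "unpacked (--load-extension / developer mode)", 8: "command line"}
COMPONENT_LOCATION = 5  # extensions built into Chrome itself; skipped

# Permissions a search hijacker needs to intercept or rewrite traffic.
HIJACK_PERMISSIONS = {"webRequest", "webRequestBlocking", "declarativeNetRequest", "tabs", "<all_urls>"}

# Constructed sample: one legitimate Web Store install, one sideloaded extension.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {            # fictitious ID: benign
                "from_webstore": True,
                "location": 1,
                "manifest": {"name": "Sample Store Extension",
                             "update_url": WEBSTORE_UPDATE_URL,
                             "permissions": ["storage"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {            # fictitious ID: hijacker-like
                "from_webstore": False,
                "location": 8,
                "path": "C:\\Users\\victim\\AppData\\Roaming\\ext",  # constructed path
                "manifest": {"name": "Sample Sideloaded Extension",
                             "permissions": ["webRequest", "webRequestBlocking",
                                             "<all_urls>", "tabs"]},
            },
        }
    }
})


def load_extension_settings(prefs_text: str) -> dict:
    """Return the extensions.settings map from a Preferences JSON document."""
    return json.loads(prefs_text).get("extensions", {}).get("settings", {})


def provenance_problems(entry: dict) -> list[str]:
    """Reasons an extension entry does not look like a normal Web Store install."""
    reasons = []
    manifest = entry.get("manifest", {})
    if entry.get("from_webstore") is not True:
        reasons.append("not marked from_webstore")
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        reasons.append(f"update_url={manifest.get('update_url')!r}")
    loc = entry.get("location")
    if loc in SUSPICIOUS_LOCATIONS:
        reasons.append(f"location={SUSPICIOUS_LOCATIONS[loc]}")
    return reasons


def find_suspicious_extensions(prefs_text: str) -> dict[str, list[str]]:
    """Map extension ID -> reasons, for every non-component extension with
    a provenance problem.  Hijack-capable permissions are appended as context."""
    findings: dict[str, list[str]] = {}
    for ext_id, entry in load_extension_settings(prefs_text).items():
        if entry.get("location") == COMPONENT_LOCATION:
            continue
        reasons = provenance_problems(entry)
        if not reasons:
            continue
        risky = HIJACK_PERMISSIONS & set(entry.get("manifest", {}).get("permissions", []))
        if risky:
            reasons.append("hijack-capable permissions: " + ", ".join(sorted(risky)))
        findings[ext_id] = reasons
    return findings


def scan_profile(profile_dir: Path) -> dict[str, list[str]]:
    """Scan a real Chrome profile directory (e.g. .../User Data/Default)."""
    findings: dict[str, list[str]] = {}
    for name in ("Secure Preferences", "Preferences"):
        path = profile_dir / name
        if path.is_file():
            findings.update(find_suspicious_extensions(path.read_text(encoding="utf-8")))
    return findings


if __name__ == "__main__":
    for ext_id, reasons in find_suspicious_extensions(SAMPLE_PREFERENCES).items():
        print(ext_id)
        for reason in reasons:
            print("   -", reason)
```

Run against a live profile with `scan_profile(Path.home() / "AppData/Local/Google/Chrome/User Data/Default")` on Windows. An extension installed from the Web Store can still be malicious, so a clean result here is not proof of absence; the check is aimed at the sideloading path this campaign uses.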


Evolution of ChromeLoader 

  • According to Red Canary, ChromeLoader activity surged in May 2022, with the operators targeting both Windows and macOS systems.
  • In July 2022, Palo Alto Networks Unit 42 researchers reported new variants of ChromeLoader, highlighting how quickly its feature set had evolved.
  • The infection chain works by enticing unsuspecting users into downloading movie torrents or cracked video games through malvertising campaigns on pay-per-install sites and social media.
  • In September 2022, VMware and Microsoft warned of a widespread ChromeLoader campaign that dropped node-WebKit (NW.js) based malware and, in some cases, even ransomware.

Conclusion

ChromeLoader has been evolving rapidly and now boasts a wide range of capabilities. ASEC has provided a set of IOCs that can help organizations detect the malware arriving via VHD files. Additionally, users must avoid downloading games from unofficial sources and stay away from cracks for popular products.
Cyware Publisher