Evolved ChromeLoader Malware Threat Targeting Chrome Browsers

Published on 21 Sep 2022

Updated on 21 Sep 2022

Security researchers have released an advisory on an evolved malware, ChromeLoader, which combines both PowerShell and disk images (ISO or DMG) to compromise systems. This malware has been observed to be distributed using malicious ISO and DMG files through advertisements, browser redirects, and YouTube video comments.

Successful exploitation could allow browser hijacking, credential stealing, ransomware dropping, stealing of data, and crashing of systems at enterprises.

To reduce the likelihood of ChromeLoader infection, users of Chrome browsers are advised to:

  • Download games and software from legitimate websites.
  • Review all browser extensions installed. To check the installed extensions, click the More icon > More Tools > Extensions.
  • Reset browser settings and implement additional clean-up methods to remove unwanted ads, pop-ups, and malware.
  • Ensure that security software is up to date and perform regular scans to detect such malware.
  • Actively review developer information and extension permissions before installing a new extension to your browser.
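
To support the extension review recommended above, the following Python script (an added example, not part of the original advisory) lists every extension found under a Chrome profile's `Extensions` directory, which Chrome lays out as `<extension id>/<version>/manifest.json`, together with the developer field and the permissions each manifest requests. The `BROAD` set of permissions to highlight and the two sample manifests are assumptions constructed for the example.

```python
import json
import sys
import tempfile
from pathlib import Path

# Assumption for this example: permissions that deserve a closer look.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "tabs",
         "cookies", "webRequest", "history", "management", "proxy"}

def audit_extensions(ext_root):
    """Return one dict per <id>/<version>/manifest.json under ext_root."""
    report = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        entry = {"id": path.parent.parent.name, "version": path.parent.name}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError) as exc:
            report.append({**entry, "error": f"unreadable manifest: {exc}"})
            continue
        requested = []
        for key in ("permissions", "host_permissions", "optional_permissions"):
            requested += [p for p in manifest.get(key, []) if isinstance(p, str)]
        entry.update(
            name=manifest.get("name"),  # may be a __MSG_...__ locale key
            author=manifest.get("author"),  # optional developer field
            update_url=manifest.get("update_url"),
            permissions=sorted(set(requested)),
            broad=sorted(set(requested) & BROAD),
        )
        report.append(entry)
    return report

def make_sample(root):
    """Write two constructed manifests (not real extensions) for a dry run."""
    samples = {
        "a" * 32: {"name": "Sample Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Sample Search Helper",
                   "permissions": ["tabs", "<all_urls>", "management"]},
    }
    for ext_id, manifest in samples.items():
        target = Path(root) / ext_id / "1.0_0"
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample(tempfile.mkdtemp())
    for item in audit_extensions(root):
        print(json.dumps(item, indent=2))
```

On a default installation the directory is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows and `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS. Run the script with that path as its argument, or with no argument to see the constructed sample.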


More information is available here:

https://www.malwarebytes.com/blog/news/2022/05/chromeloader-targets-chrome-browser-users-with-malicious-iso-files

https://www.darkreading.com/attacks-breaches/chromeloader-malware-prevalent-more-dangerous-cyber-threat

https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html

https://www.bleepingcomputer.com/news/security/vmware-microsoft-warn-of-widespread-chromeloader-malware-attacks/