[MART] - Daily Diary #599 - ChromeLoader Evolves

ctas-mat at appgate.com
Wed Sep 21 21:45:19 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

09/21/2022 - Diary entry #599:

ChromeLoader (also known as Choziosi Loader) is malware that first appeared in December 2021. Powered by AutoHotKey (AHK) – a framework used for scripting automation – it targets Windows devices by installing malicious Chrome extensions. Later, in April, a macOS variant was discovered delivering browser extension malware into Safari and Chrome browsers.

The multi-platform ChromeLoader campaigns are delivered through social media platforms, torrents, and piracy sites, disguised as cracked versions of games or software. ChromeLoader was initially used for financial gain via unsolicited advertisements (adware) and search engine hijacking.

Since then, ChromeLoader has evolved to deliver more sophisticated payloads that, besides the adware functionality, redirect web traffic, steal credentials, and recommend other malicious downloads posing as legitimate updates.

Most recently, ChromeLoader began to deliver other malware types such as ZipBomb – a lightweight malware that overloads the victim's device with data until it becomes unusable – and Enigma, a ransomware that first appeared in 2016.

This evolution in ChromeLoader's TTPs shows that the threat actors behind it are leveraging their spreading capabilities to increase their monetary gains. Since ChromeLoader is mostly delivered through fake software download campaigns, we recommend that users avoid downloading pirated/cracked software to decrease the chances of encountering ChromeLoader or similar malware.

Kind Regards,




MART

Malware Analysis and Research Team
Appgate

E: ctas-mat at appgate.com

