Quick Bit: Security researchers are warning of a new browser hijacking malware script impacting Google Chrome called “ChromeLoader,” here’s how to tell if you’re at risk.
Threat Post reports that security researchers have begun warning of a new browser hijacking malware called ChromeLoader. The malware attempts to hijack users’ Google Chrome web browsers and redirect them to advertisements websites and other malicious pages but differs from other malware in that it uses Windows PowerShell, expanding its capabilities.
ChromeLoader manifests as a browser extension, modifying victims’ Chrome settings and redirecting user traffic. On Windows machines, victims are most likely to become infected with the virus via ISO files posing as video games or pirated films and TV shows.
ChomeLoader uses PowerShell to inject itself into the brows and add a malicious extension. Aedan Russell from Red Canary’s Detection Engineering team warned in a blog post that this is “a technique we don’t see very often (and one that often goes undetected by other security tools).”
He added: “If applied to a higher-impact threat–such as a credential harvester or spyware–this PowerShell behavior could help malware gain an initial foothold and go undetected before performing more overtly malicious activity, like exfiltrating data from a user’s browser sessions.”
Researchers have suggested a number of methods for users to avoid the virus. One obvious tip is to avoid downloading illegal software or videos.
But if a user is worried that their computer has been infected, they can check for ChromeLoader by following these steps:
Click the settings button on Google Chrome
Select “More Tools -> Extensions”
Look through all the installed extensions in the browser. If you don’t remember installing or approving an extension, consider disabling it.
Read more at Threat Post here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org
Originally found on Breitbart Read More