
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, demonstrating a departure from the ISO optical disc image format.
“These VHD files are distributed with filenames that look like hacks or cracks in Nintendo and Steam games,” said the AhnLab Security Emergency Response Center (ASEC) in a report last week.
ChromeLoader (aka Choziosi Loader or ChromeBack) originally surfaced as a browser-hijacking credential stealer in January 2022, but has since evolved into a more powerful and multi-faceted threat that can steal sensitive data, deploy ransomware, and drop decompression bombs.
The main purpose of this malware is to compromise web browsers such as Google Chrome and modify browser settings to intercept traffic and redirect it to questionable advertising websites. Additionally, ChromeLoader has emerged as a conduit for click fraud by leveraging browser extensions to monetize clicks.

Since arriving on the scene, the malware has gone through multiple versions, many of which are capable of infiltrating both Windows and macOS systems. The move to VHD files is another sign that the campaign has changed a lot over the past few months.
The infection chain indicates that users looking for pirated software and video game cheats are the primary targets, downloading VHD files from malicious websites displayed on search results pages.
The game titles and popular software used include Elden Ring, Dark Souls III, Red Dead Redemption 2, Need for Speed, Call of Duty, The Legend of Zelda: Breath of the Wild, Mario Kart 8 Deluxe, Super Mario Odyssey, Microsoft Office, and Adobe Photoshop.
“When a VHD file is downloaded in this process, a user could easily mistake a malicious VHD file for a game-related program,” said the ASEC researchers. “Disguising malware as a game hacking or cracking program is a technique many attackers employ.”
To reduce such risks, users are advised to avoid following suspicious links and download software only from official sources.