Chromeloader

Malware updated a month ago (2024-11-29T13:40:50.045Z)
Download STIX
Preview STIX
ChromeLoader, first identified in early 2022, is a malicious software (malware) that primarily targets browsers to steal sensitive information and execute additional payloads, usually involving other malware families. The malware has been notably used in fake ROBLOX and Nintendo game cracks, which were reported on various cybersecurity platforms. In its most recent variants, ChromeLoader has evolved to utilize Electron, a framework for creating desktop applications using web technologies such as HTML and JavaScript. This indicates that the attackers are highly skilled with this technology, as evidenced by the heavily obfuscated loader scripts embedded within the Electron application. The malware has been involved in several significant cybersecurity threats, including the Charcoal Stork malvertising campaign that delivered the SmashJacker and ChromeLoader browser hijackers. This campaign affected nearly 15% of Red Canary customers, making it one of the most severe threats of the previous year. ChromeLoader operates as a malicious browser extension that redirects users to unwanted websites, often promoting advertisements or malicious content. In 2023, ChromeLoader was the most prevalent malware family, followed by MedusaLocker and Redline Stealer. It has been widely reported in the context of posing as mods for popular platforms like Steam and Nintendo games. These developments underscore the sophistication and adaptability of the malware, emphasizing the need for robust security measures and user awareness to prevent infection.
Description last updated: 2024-09-24T17:17:20.406Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Shampoo is a possible alias for Chromeloader. Shampoo is a malware campaign that was highlighted in Check Point Research's August 2023 Most Wanted Malware report. The malware, named "Shampoo," targets Chrome browser users through fake ads loaded with malicious software. Victims are tricked into running VBScript files that install harmful Chrome
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chrome
Ransomware
Malvertising
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Chromeloader Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
3 months ago
Checkpoint
6 months ago
CERT-EU
9 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Checkpoint
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
Securityaffairs
2 years ago
DARKReading
2 years ago