Chromeloader

Malware updated 2 months ago (2024-07-08T16:17:38.160Z)
ChromeLoader, first identified in early 2022, is a persistent and evolving malware family known for hijacking browsers, stealing sensitive information, and running additional payloads such as other malware families. This malicious software is particularly harmful as it can infiltrate systems without the user's knowledge through suspicious downloads, emails, or websites.

Recent variants of ChromeLoader have demonstrated an advanced use of Electron, a framework for creating desktop applications using web technologies like HTML and JavaScript. The loader scripts within the Electron application used by ChromeLoader are heavily obfuscated, suggesting that the attackers have a high level of familiarity with this technology.

One of the most notable cybersecurity threats involving ChromeLoader was the Charcoal Stork malvertising campaign in 2023. This campaign delivered the SmashJacker and ChromeLoader browser hijackers, affecting nearly 15% of Red Canary customers. Moreover, in 2023, ChromeLoader was the most prevalent malware family, followed by MedusaLocker and Redline Stealer. These incidents highlight the significant threat posed by ChromeLoader to both individual users and organizations.

ChromeLoader has also been associated with fake game cracks, particularly those related to ROBLOX and Nintendo. These fraudulent cracks have been identified as a primary distribution method for the malware. Once installed, ChromeLoader infects the browser by loading malicious extensions, further compromising system security. As ChromeLoader continues to evolve and adapt, maintaining robust cybersecurity measures and staying informed about the latest threats is crucial.
Description last updated: 2024-07-08T16:16:07.427Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
Shampoo (3): "Shampoo" is a malware campaign identified in August 2023, as reported by Check Point Research. The malware targets users of the Chrome browser through the spread of malicious browser extensions via fake advertisements. Victims are tricked into running VBScript files that install these harmful exten
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chrome
Ransomware
Malvertising
Source Document References
Information about the Chromeloader Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link (CreatedAt): Title
Checkpoint (2 months ago): Exploring Compiled V8 JavaScript Usage in Malware - Check Point Research
CERT-EU (6 months ago): Cybersecurity threats escalate | SC Media | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (6 months ago): 34 Million Roblox Credentials Exposed on Dark Web in Three Years
CERT-EU (9 months ago): 86% of cyberattacks are delivered over encrypted channels - Help Net Security
CERT-EU (9 months ago): Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses
CERT-EU (10 months ago): Surge in QR Code Quishing: Check Point Records 587% Attack Spike
CERT-EU (a year ago): Update: The 2023 Malware League Table
Checkpoint (a year ago): 18th September – Threat Intelligence Report - Check Point Research
CERT-EU (a year ago): August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU (a year ago): Cyber Security Week in Review: September 1, 2023
CERT-EU (a year ago): Three malware loaders behind 80% of intrusions, researchers find
CERT-EU (a year ago): Fake Chrome Browser Update Installs NetSupport Manager RAT
CERT-EU (a year ago): Roblox Data Breach: PII of Thousands of Developers Stolen
CERT-EU (a year ago): Razer Data Breach: Alleged Database and Backend Access Sold for $100k
CERT-EU (a year ago): ChromeLoader-Malware-Kampagne bestraft Raubkopierer [ChromeLoader malware campaign punishes software pirates] | ZDNet.de
CERT-EU (a year ago): HP waarschuwt: ChromeLoader-malwarecampagne straft illegale gebruikers [HP warns: ChromeLoader malware campaign punishes illegal users]
CERT-EU (a year ago): Fake Super Mario 3 Installers Drop Crypto Miner, Data Stealer
Securityaffairs (2 years ago): Security Affairs newsletter Round 408 by Pierluigi Paganini
DARKReading (2 years ago): Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats
CERT-EU (a year ago): Minecraft Community on High Alert as Malware Infects Popular Mods