Shampoo

Malware updated 4 months ago (2024-05-04T17:18:33.474Z)
"Shampoo" is a malware campaign identified in August 2023, as reported by Check Point Research. The malware targets users of the Chrome browser through the spread of malicious browser extensions via fake advertisements. Victims are tricked into running VBScript files that install these harmful extensions. The research on this threat was conducted using VirusTotal and has been documented extensively on SensorsTechForum.com, which also provides a guide for removing the Shampoo ChromeLoader from infected systems.

The malware's infection chain involves an unusual method of propagation. Users are enticed to play an online game where they can win discounts on products such as Flake Free Shampoo. Upon winning, users receive a QR code leading them to the product page on a website called "Pretty Girl Shopping." This site offers various items and encourages users to sign up for a credit card, further increasing their risk exposure. Despite the apparent novelty of the products and the allure of discounts, the true purpose of the website and the game is to facilitate the spread of the Shampoo malware.

The security implications of this scheme are significant, as it demonstrates a new way in which cybercriminals can exploit unsuspecting users. It underscores the importance of maintaining robust cybersecurity measures, including being cautious about suspicious downloads and websites, to mitigate the risk of such malware infections.
Description last updated: 2024-05-04T17:15:01.195Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID; Votes; Profile Description
Chromeloader; 3; ChromeLoader, first identified in early 2022, is a persistent and evolving malware family known for hijacking browsers, stealing sensitive information, and running additional payloads such as other malware families. This malicious software is particularly harmful as it can infiltrate systems without
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chrome
Source Document References
Information about the Shampoo Malware was read from the documents corpus below.
Source; Created; Title
CERT-EU; 9 months ago; Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)
Checkpoint; a year ago; 18th September – Threat Intelligence Report - Check Point Research
CERT-EU; a year ago; August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU; a year ago; ChromeLoader malware campaign punishes software pirates | ZDNet.de
CERT-EU; a year ago; HP warns: ChromeLoader malware campaign punishes illegal users
CERT-EU; a year ago; Prevent Your Silver From Tarnishing With This Hairy Hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU; a year ago; ChromeLoader malware targets users of piracy sites – Global Security Mag Online
CERT-EU; a year ago; Comic: Goodnight Phone
CERT-EU; a year ago; Shampoo ChromeLoader Extension Virus - Removal
CERT-EU; a year ago; New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
DARKReading; a year ago; 'Shampoo' ChromeLoader Variant Difficult to Wash Out