Shampoo

Malware Profile Updated 2 months ago
"Shampoo" is a malware campaign identified in August 2023, as reported by Check Point Research. The malware targets users of the Chrome browser through the spread of malicious browser extensions via fake advertisements. Victims are tricked into running VBScript files that install these harmful extensions. The research on this threat was conducted using VirusTotal and has been documented extensively on SensorsTechForum.com, which also provides a guide for removing the Shampoo ChromeLoader from infected systems.

The malware's infection chain involves an unusual method of propagation. Users are enticed to play an online game where they can win discounts on products such as Flake Free Shampoo. Upon winning, users receive a QR code leading them to the product page on a website called "Pretty Girl Shopping." This site offers various items and encourages users to sign up for a credit card, further increasing their risk exposure. Despite the apparent novelty of the products and the allure of discounts, the true purpose of the website and the game is to facilitate the spread of the Shampoo malware.

The security implications of this scheme are significant, as it demonstrates a new way in which cybercriminals can exploit unsuspecting users. It underscores the importance of maintaining robust cybersecurity measures, including being cautious about suspicious downloads and websites, to mitigate the risk of such malware infections.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Chromeloader | 3 | ChromeLoader, first identified in early 2022, is a persistent and evolving malware family known for hijacking browsers, stealing sensitive information, and running additional payloads such as other malware families. This malicious software is particularly harmful as it can infiltrate systems without
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chrome
Spyware
Safari
Firefox
Windows
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
Chromeloader Shampoo | Unspecified | 1 | None
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Shampoo Malware was read from the documents corpus below.
Source (Created At): Title
CERT-EU (7 months ago): Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)
Checkpoint (10 months ago): 18th September – Threat Intelligence Report - Check Point Research
CERT-EU (10 months ago): August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU (a year ago): ChromeLoader-Malware-Kampagne bestraft Raubkopierer | ZDNet.de [ChromeLoader malware campaign punishes software pirates]
CERT-EU (a year ago): HP waarschuwt: ChromeLoader-malwarecampagne straft illegale gebruikers [HP warns: ChromeLoader malware campaign punishes illegal users]
CERT-EU (a year ago): Prevent Your Silver From Tarnishing With This Hairy Hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU (a year ago): Le malware ChromeLoader cible les utilisateurs de sites de piratage – Global Security Mag Online [ChromeLoader malware targets users of piracy sites]
CERT-EU (a year ago): Le malware ChromeLoader cible les utilisateurs de sites de piratage – Global Security Mag Online [ChromeLoader malware targets users of piracy sites]
CERT-EU (a year ago): Comic: Goodnight Phone
CERT-EU (a year ago): Shampoo ChromeLoader Extension Virus - Removal
CERT-EU (a year ago): New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
DARKReading (a year ago): 'Shampoo' ChromeLoader Variant Difficult to Wash Out