The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or theft of browser-session data.
Researchers are warning of the potential for ChromeLoader—which has seen a resurgence in activity recently—to pose a more sophisticated threat than typical malvertisers do, according to two separate blog posts by Malwarebytes Labs and Red Canary.
ChromeLoader is a pervasive and persistent browser hijacker that eventually manifests as a browser extension, modifying victims’ Chrome settings and redirecting user traffic to advertisement websites. On Windows machines, victims become infected with the malware through ISO files that poses as a cracked video game or pirated films or TV programs, researchers said.
However, ChromeLoader is platform agnostic, which means users of macOS also are at risk from infection, according to a blog post from Malwarebytes Lead Malware Intelligence Analyst Christopher Boyd. However, instead of lurking in ISO files,