ChromeLoader Malware Hijacks Browsers With ISO Files

The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.

Dark Reading, Nathan Eddy

May 27, 2022

2 Min Read
ChromeLoader Malware Hijacks Browsers With ISO Files
Getty Images

The browser-hijacking malware known as ChromeLoader is becoming increasingly widespread and growing in sophistication, according to two advisories released this week. It poses a big threat to business users.

ChromeLoader is a sophisticated malware that uses PowerShell, an automation and configuration management framework, to inject itself into the browser and add a malicious extension. This kind of threat drastically increases the attack surface, as today’s enterprises rely more on software-as-a-service (SaaS) apps amid flexible working environments and diverse endpoints.

“The browser is the front door to the Internet, and therefore the user’s first line of defense when they access SaaS applications,” Ohad Bobrov, Talon Cyber Security's CTO and co-founder, tells Dark Reading. “Attackers have identified the browser as an opportunity to steal remote information from SaaS applications, as well as create malicious extensions they can easily manipulate.”

In this case, the malware is using malicious optimal disc image (ISO) files — often hidden in cracked or pirated versions of software or games — to take over the browser and redirect it to display bogus search results in a malvertising scheme.

Both a MalwarebytesLabs advisory and a Red Canary warning point out that ChromeLoader’s abuse of PowerShell, combined with the use of ISO files, make ChromeLoader particularly aggressive.

Related:What To Do When Windows Defender Is Not Working

“PowerShell, like any other advanced shell, can be used as an administration tool to automate tasks,” explains Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber-risk remediation. “Admins use benign shell scripts for myriad tasks because they can be versatile and easily accessible on almost every platform.”

He points out that the use of an ISO file to carry the script, which then drops a malicious extension, is not a new technique, but it remains effective because ISOs are still commonly used in business settings. While this campaign is relying on a ruse of pirated software, ISOs are also important in network and system management and are used for installing packages on servers and containers. Linux is installed via ISO, as are some Windows upgrades.

Continue Reading on Dark Reading

Read more about:

Dark Reading

About the Authors

Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Nathan Eddy

Nathan Eddy

Nathan Eddy is a freelance writer for ITProToday and covers various IT trends and topics across wide variety of industries. A graduate of Northwestern University’s Medill School of Journalism, he is also a documentary filmmaker specializing in architecture and urban planning. He currently lives in Berlin, Germany.

See more from Nathan Eddy
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

the interface of the PowerShell search tool with a hand holding a magnifying glass on a background of a blue sky and clouds in the shape of gears
PowerShell
How I Built My Own PowerShell Multi-File Search Tool
How I Built My Own PowerShell Multi-File Search Tool

Oct 22, 2024

burnout gif featuring a mannequin surrounded by office technology on fire
Career Tips
Am I Burned Out? How To Identify and Address Burnout in IT
Am I Burned Out? How To Identify and Address Burnout in IT

Oct 24, 2024

MLOps
Ops and More
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?

Oct 23, 2024

Exclusive ITPro Resources
See all ITPro Resources

Featured Technical Explainers

AI chip
Cloud Computing
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
SaaS concept on a tablet
Cloud Computing
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
Why SaaS Backup Matters: Protecting Data Beyond Vendor Guarantees
DevOps logo on top of code
DevOps
DevOps: Key to Faster, More Efficient Government Software Development
DevOps: Key to Faster, More Efficient Government Software Development
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

Recent What Is

cartoon shows a person next to a checklist and several icons that represent disaster scenarios
Disaster Recovery
BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster RecoveryBCDR Basics: A Quick Reference Guide for IT Pros
technology interface with a person's hand drawing gears and cogs
PowerShell
Introduction To PowerShell Environment VariablesIntroduction To PowerShell Environment Variables