The Hacker News reports that new variants of the ChromeLoader info-stealing malware, also known as ChromeBack and Choziosi Loader, have been discovered. Despite being initially reported to be spread through ISO and DMG file downloads in January, ChromeLoader has already been used in an attack involving an AutoHotKey-compiled executable in December, according to a report from Palo Alto Networks' Unit 42 threat intelligence unit. "This malware was an executable file written using AutoHotKey (AHK) a framework used for scripting automation," wrote researcher Nadav Barak, who noted that the first ChromeLoader version did not have obfuscation capabilities already present in the one identified a month later. ChromeLoader has since evolved to using Chrome extension version 6.0 in an undocumented campaign. "This malware demonstrates how determined cybercriminals and malware authors can be: In a short time period, the authors of ChromeLoader released multiple different code versions, used multiple programming frameworks, enhanced features, advanced obfuscators, fixed issues, and even adding cross-OS support targeting both Windows and macOS," Barak added.