Threat actors behind the ChromeLoader browser-hijacking malware have become increasingly active, with malware detections increasing this month, BleepingComputer
Red Canary researchers found that ChromeLoader operators compromise targets by distributing a malicious ISO file that poses as a cracked game or commercial software. Double-clicking the ISO drops several files, and ChromeLoader then runs a PowerShell command that retrieves an archive from a remote resource and loads it into Google Chrome as an extension, according to the report. The PowerShell then deletes its scheduled tasks, and the extension, which is hidden from the user, hijacks the browser and manipulates search results. The report also showed macOS systems being targeted by ChromeLoader attackers, aiming to compromise not only Google Chrome but also Apple's Safari browser.
The macOS infection chain is similar, but it uses a DMG file instead of an ISO and an installer bash script in place of the installer executable, the researchers said.
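As an added example, not part of this article or of Red Canary's report, here is a small Python triage script that runs over constructed process-creation events shaped after the Windows chain described above (PowerShell fetching an archive, Chrome loading it as an extension, scheduled tasks being removed). It assumes the extension is loaded through Chrome's `--load-extension` command-line flag (the article does not say how the extension is loaded) and that the PowerShell command may be passed base64-encoded; the event shape, host names, file paths and scheduled-task name are all invented for the sample.

```python
import base64
import re
from collections import defaultdict

# Constructed process-creation events in a simplified EDR-like shape (not real
# telemetry). ws01 mimics the chain the article describes; ws02 and ws03 are
# benign noise. Paths, host names and the task name are invented.
SAMPLE_EVENTS = [
    {"host": "ws01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # -enc payload is UTF-16LE base64 of "Invoke-WebRequest"
     "cmdline": "powershell.exe -w hidden -ep bypass -enc "
                "SQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0AA=="},
    {"host": "ws01",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": 'schtasks.exe /delete /tn "ChromeTask" /f'},
    {"host": "ws01",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\alice\AppData\Local\Temp\ext"'},
    {"host": "ws02",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--profile-directory=Default'},
    {"host": "ws03",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
# Chrome's flag for loading an unpacked extension (assumed mechanism).
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.I)
# Download / archive-expansion primitives commonly seen in one-liners.
DOWNLOAD_RE = re.compile(
    r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|net\.webclient"
    r"|expand-archive|start-bitstransfer", re.I)
# Extension directories under user-writable locations deserve a look.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads)|Users\\Public|Windows\\Temp)\\",
    re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (UTF-16LE), or '' if none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def classify(event):
    """Tag one process-creation event with the chain stages it resembles."""
    tags = set()
    image = event["image"].lower()
    cmd = event["cmdline"]
    if image.endswith(("powershell.exe", "pwsh.exe")):
        decoded = decode_encoded_command(cmd)
        if decoded:
            tags.add("ps_encoded")
        if DOWNLOAD_RE.search(cmd) or DOWNLOAD_RE.search(decoded):
            tags.add("ps_download")
    elif image.endswith("chrome.exe"):
        m = LOAD_EXT_RE.search(cmd)
        if m:
            tags.add("load_extension")
            if USER_WRITABLE_RE.search(m.group(1) or m.group(2)):
                tags.add("ext_from_user_path")
    elif image.endswith("schtasks.exe") and re.search(r"/delete\b", cmd, re.I):
        # Low signal on its own; meaningful when it follows the stages above.
        tags.add("schtasks_delete")
    return tags


def triage(events):
    """Group tags per host and rate hosts; hosts with no tags are omitted."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    verdicts = {}
    for host, tags in per_host.items():
        if not tags:
            continue
        if {"ps_download", "ext_from_user_path"} <= tags:
            severity = "high"      # download stage plus sideloaded extension
        elif "ext_from_user_path" in tags or "ps_download" in tags:
            severity = "medium"
        else:
            severity = "low"
        verdicts[host] = {"tags": tags, "severity": severity}
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict["severity"], sorted(verdict["tags"]))
```

The per-host correlation is the point: a scheduled-task deletion or a single `--load-extension` launch is noisy alone, but a download-capable PowerShell followed by Chrome loading an extension from a temp or profile directory on the same host is the shape of the chain the article describes. Decoding the `-EncodedCommand` payload before matching keeps the encoded variant from slipping past the download-cmdlet check.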