Gamers not safe: ChromeLoader malware on your way

A new virus has been observed targeting gamers via fake Nintendo and Steam hacks. Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. 

According to AhnLab: ‘When a VHD file is downloaded through this process, the user can easily mistake the malicious VHD file for a game-related program. The files inside the malicious VHD are shown below. Everything except for the Install.lnk file has the hidden property enabled, so ordinary users will only see the Install.lnk file.’
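The layout AhnLab describes (a single visible Install.lnk with every other file hidden) can be checked on a mounted image before anything in it is opened. The following is an added example, not code from AhnLab or the original article; the function names and sample listings are constructed for illustration, and reading attributes from disk assumes Windows.

```python
from pathlib import Path

# Windows file attribute bits (FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_ARCHIVE).
HIDDEN = 0x2
ARCHIVE = 0x20


def classify_volume(entries):
    """entries: iterable of (file name, Windows attribute bits) for the root
    of a mounted image. Reports whether it matches the hidden-files lure."""
    visible, hidden = [], []
    for name, attrs in entries:
        (hidden if attrs & HIDDEN else visible).append(name)
    # Pattern from the report: exactly one visible item, and it is a shortcut.
    lone_lnk = len(visible) == 1 and visible[0].lower().endswith(".lnk")
    return {
        "visible": visible,
        "hidden": hidden,
        "suspicious": lone_lnk and len(hidden) > 0,
    }


def scan_mounted_root(root):
    """Collect (name, attributes) from a mounted volume root and classify it.
    Windows only: st_file_attributes is absent on other platforms, so every
    entry would be treated as visible there."""
    entries = []
    for item in Path(root).iterdir():
        attrs = getattr(item.stat(), "st_file_attributes", 0)
        entries.append((item.name, attrs))
    return classify_volume(entries)


# Constructed sample listings; only the name Install.lnk comes from the report.
SAMPLE_LURE = [
    ("Install.lnk", ARCHIVE),                # the one file the user sees
    ("example_hidden_1.bin", ARCHIVE | HIDDEN),
    ("example_hidden_2.bin", ARCHIVE | HIDDEN),
]
SAMPLE_BENIGN = [
    ("setup.exe", ARCHIVE),
    ("readme.txt", ARCHIVE),
    ("example_hidden_3.inf", ARCHIVE | HIDDEN),
]

if __name__ == "__main__":
    print(classify_volume(SAMPLE_LURE))
    print(classify_volume(SAMPLE_BENIGN))
```

A match is a triage signal for closer inspection of the image, not proof of infection.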

What is ChromeLoader malware?

ChromeLoader malware is a type of malicious software that targets Google Chrome web browsers. It is designed to do the following: 

  • Load unwanted or malicious extensions. 
  • Modify browser settings.
  • Display unwanted ads or redirect users to fake websites.

Once installed, ChromeLoader malware typically runs in the background of the infected computer, using up system resources and slowing down the computer’s performance. It can also collect sensitive information such as login credentials, browsing history, and financial data, and send it back to the attacker.

ChromeLoader malware can be distributed through various means, including malicious downloads, phishing emails, or bundling with other software.

How did it evolve?

When it was first discovered, the virus had only limited capabilities for attacking Google's web browser. Since then, it has gone through many versions. The shift to VHD files is yet another sign that the campaign has changed repeatedly over the past few months.

The main targets of the virus are people using pirated games and cheats. Popular games such as Elden Ring, Dark Souls III, Red Dead Redemption 2, Need for Speed and Call of Duty, as well as Microsoft Office and Adobe Photoshop, are reported to be affected.

Advice from the experts: ‘Recently, there has been an increase in malware using disk image files. Disguising malware as game hacks and crack programs is a method employed by many threat actors. Users must be particularly cautious about executing files downloaded from unknown sources, and it is advised that users download programs from their official websites. AhnLab’s anti-malware product, V3, detects and blocks the malware.’

Devastating history of ChromeLoader 

ChromeLoader has been used by many attackers in the past to compromise user privacy and steal data. Some examples:

  • In 2020, security researchers discovered a new variant of the IcedID banking trojan that used ChromeLoader malware to target victims in the United States and Canada. 
  • In 2019, researchers from ESET reported on a new campaign by the Stantinko botnet that used ChromeLoader malware to infect victims in Russia, Ukraine, Belarus, and Kazakhstan. 
  • In 2018, security researchers discovered a new browser hijacker called SearchEncrypt that used ChromeLoader malware to modify browser settings and redirect users to unwanted search results.

Action plan

Once the malware hits you, there is no coming back. So, it is important to mitigate the risk before it hits. Here’s how:

  • Try not to buy pirated software and games
  • Avoid clicking on suspicious links
  • Avoid downloading files from unauthentic websites
  • Use two-factor authentication
  • Keep yourself updated
  • Install reliable anti-virus software and a VPN to encrypt your information safely.

Author: PureVPN

Date: June 20, 2023
