G-Data’s analysis primarily focused on the malicious browser extension, as it had not been thoroughly researched before. It’s worth mentioning that “downloader.exe” may display an alert to users stating that the Operating System is incompatible with the software. However, due to the repetitive task, some victims have reported that their Chrome browsers continuously close themselves, which inadvertently facilitates the swifter detection of ChromeLoader. Additionally, the PowerShell script downloads the malicious Google Chrome browser extension “ archive.zip“.
The PowerShell script creates a task named “ ChromeTask” (may vary), which is scheduled to run every ten minutes. The former contains an encrypted PowerShell script, while the latter is used to decrypt it. Their research revealed that the ISO file consists of two components – “ _meta.txt” and “ downloader.exe“. G-Data researchers conducted an in-depth analysis of this loader and the malicious extension. The observed infection chain starts with Tweets (Twitter posts) that advertise pirated content through QR codes presented in meme format, tricking victims into downloading an ISO file.
#Browser hijacker activity monitor mac install
ChromeLoader Malware Infection chain starts with TweetsĪs mentioned earlier, ChromeLoader is designed to install malicious extensions onto browsers.
0 kommentar(er)
