ChromeLoader is More Than an Ordinary Browser Hijacker
ChromeLoader is a browser hijacker that has been around for a while. However, over the past few days, there has been a marked increase in infections and activity.
ChromeLoader does what you would expect any browser hijacker to do to a system: it changes browser settings and redirects searches to its own search engine, pushing result pages that are filled with ads and may lead to misleading or potentially harmful pages and to other potentially unwanted programs.
What makes ChromeLoader special is the way it infiltrates the system. ChromeLoader makes extensive use of PowerShell - a native Windows tool.
Using PowerShell commands, the malware will snag a malicious file from a remote server and plug that as an extension inside the victim system's browser.
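A detection for the behaviour described above, added here as an example and not taken from the article: it scans process-creation events for Chrome being started with a locally loaded extension and raises the severity when the parent process is a script host such as PowerShell. It assumes the extension is loaded through Chrome's `--load-extension` switch, which the article does not specify; the field names follow Sysmon's process-creation record, and the sample events and paths are constructed.

```python
import ntpath
import re

# Script interpreters that can start the browser on a user's behalf.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Chrome switch that loads an unpacked extension from a local directory
# (assumed loading mechanism; the article does not name one).
LOAD_EXT = re.compile(r'--load-extension=("[^"]+"|\S+)', re.IGNORECASE)

# Constructed events using Sysmon process-creation field names; not real telemetry.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": CHROME,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{CHROME}"'},
    {"Computer": "WS-02", "Image": CHROME,
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f'"{CHROME}" ' r'--load-extension="C:\Users\alice\AppData\Local\chrome\ext"'},
    {"Computer": "WS-03", "Image": CHROME,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{CHROME}" ' r"--load-extension=C:\dev\myext --no-first-run"},
]


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def find_sideloads(events):
    """Return one finding per Chrome start that loads an extension from disk."""
    findings = []
    for ev in events:
        if basename(ev["Image"]) != "chrome.exe":
            continue
        match = LOAD_EXT.search(ev["CommandLine"])
        if not match:
            continue
        parent = basename(ev["ParentImage"])
        findings.append({
            "host": ev["Computer"],
            "extension_dir": match.group(1).strip('"'),
            "parent": parent,
            # A script host as parent means a script, not the user, started Chrome.
            "severity": "high" if parent in SCRIPT_HOSTS else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_sideloads(SAMPLE_EVENTS):
        print(finding)
```

The "review" tier exists because developers legitimately start Chrome with an unpacked extension; those hits need a look at the extension directory rather than an automatic alert.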
ChromeLoader is being distributed using fake cracks for paid software and computer games. The file used as the lure is an .ISO disk image that, once loaded, presents a malicious executable, supposedly the crack for the software in question.
ChromeLoader is not a PC-exclusive threat: its operators also target Mac computers, distributing the malware inside .DMG disk image files. With no PowerShell on Macs, the Mac version of the malware uses a script to download the malicious browser extension.