Beware of pirated video game downloads, as they could be malware in disguise. According to a report by AhnLab Security Emergency Response Center (ASEC), a browser-hijacking credential stealer called ChromeLoader has evolved and is now capable of stealing data, deploying ransomware, and more.
ChromeLoader first appeared in January of 2022 and rose in deployments in May of last year; then, in September, VMware reported seeing new variants popping up. It’s being distributed via a variety of malvertising sites that host the malicious files, which appear to a user as pirated and free game downloads. When the malware is downloaded, it appears as an install.lnk file. This file executes a batch script that decompresses a .zip archive, then executes a data.ini file plus a couple of scripts that retrieve a payload.