"ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat"

Security researchers have issued a warning about the malware tool known as ChromeLoader. It first appeared in January as a consumer-focused, browser-hijacking credential stealer, but has since evolved into a widespread and multifaceted threat to organizations in various industries. According to a recent advisory from VMware's Carbon Black managed detection and response team, the malware has recently been used to drop ransomware, steal sensitive data, and deploy decompression (or zip) bombs to crash systems. Hundreds of attacks involving newer versions of the malware have been observed targeting enterprises in business services, education, government, healthcare, and other sectors. Since the malware's initial release earlier this year, its authors have released numerous versions, many of which are equipped with different malicious capabilities. One of them is a Bloom.exe variant that first appeared in March and has since infected at least 50 VMware Carbon Black customers. Another ChromeLoader variant is being used to drop zip bombs, or malicious archive files, on user systems. Users who click on the weaponized compression files end up launching malware that overloads and crashes their systems. Since August, the operators of the appropriately named CrashLoader variant have used the malware to distribute the Enigma ransomware family. This article continues to discuss findings regarding the ChromeLoader malware.

Dark Reading reports "ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat"
