"Gamers Being Targeted with ChromeLoader Malware Using False Nintendo and Steam Game Hacks"
A ChromeLoader malware distribution campaign has been observed using Virtual Hard Disk (VHD) files. ChromeLoader, also known as Choziosi Loader or ChromeBack, first appeared in January 2022 as a browser-hijacking credential thief. It has since evolved into a more complex, multifunctional threat capable of stealing sensitive data, launching ransomware, and delivering decompression bombs. According to the AhnLab Security Emergency Response Center (ASEC), the VHD files are distributed with filenames that make them appear to be Nintendo and Steam game hacks or cracks. The primary goal of the malware seems to be to take over web browsers such as Google Chrome and modify their settings so that traffic is intercepted and redirected to advertising websites. Using a browser extension to pay for clicks, ChromeLoader has also become a tool for click fraud. Since its emergence, the malware has undergone multiple versions, several of which are capable of accessing both Windows and macOS operating systems. This article continues to discuss findings and observations regarding the novel ChromeLoader malware campaign.