"'Shampoo' ChromeLoader Variant Difficult to Wash Out"
Fake websites promoting pirated video games, movies, and more are spreading a new variant of the ChromeLoader malware called "Shampoo." It steals sensitive information, redirects searches, and injects advertisements into browser sessions. Researchers from HP Wolf Security have been observing the new campaign, which appears to have been active since March. The campaign distributes malware similar to the original ChromeLoader, first discovered in May 2022, but the new variant is significantly more difficult to eradicate because it uses multiple persistence mechanisms.

The first version of ChromeLoader installed a malicious Chrome extension for advertising after victims downloaded malicious, browser-hijacking ISO files from websites hosting illegal content. The ChromeLoader used in the Shampoo campaign is very similar: it tricks victims into downloading and executing malicious VBScript files from websites, which ultimately leads to the installation of a malicious Chrome browser extension. Shampoo differs from the original ChromeLoader in that it uses the browser's Task Scheduler to achieve persistence by scheduling a relaunch every 50 minutes. This article continues to discuss the new variant of the ChromeLoader malware.
Dark Reading reports "'Shampoo' ChromeLoader Variant Difficult to Wash Out"
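
A triage sketch for the scheduled relaunch described above, added here as an example and not taken from the HP Wolf Security or Dark Reading reports: it reads Task Scheduler XML definitions (the format `schtasks /query /xml` exports) and flags tasks whose trigger repeats every 50 minutes. The 50-minute interval comes from the summary; using it as a hunting signal, the function names, and the sample tasks are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Day/time ISO 8601 durations only (P1D, PT50M, PT3000S).
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_seconds(text):
    """Convert a duration such as PT50M to seconds; None if unparseable."""
    m = DURATION.match((text or "").strip())
    if not m:
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def find_repeating_tasks(task_xml, minutes=50):
    """Return [(interval, command line)] if any trigger repeats every `minutes`."""
    root = ET.fromstring(task_xml)
    matched = [i.text.strip() for i in root.iterfind(".//t:Repetition/t:Interval", NS)
               if duration_seconds(i.text) == minutes * 60]
    if not matched:
        return []
    hits = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS)
        args = ex.findtext("t:Arguments", "", NS)
        hits.append((matched[0], f"{cmd} {args}".strip()))
    return hits

def make_task(interval, command, arguments):
    """Build a minimal, constructed task definition for the demo below."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><TimeTrigger><Repetition>'
            f"<Interval>{interval}</Interval></Repetition></TimeTrigger></Triggers>"
            f"<Actions><Exec><Command>{command}</Command>"
            f"<Arguments>{arguments}</Arguments></Exec></Actions></Task>")

# Constructed samples: names and commands are placeholders, not IoCs.
SAMPLES = {
    "updater_hourly": make_task("PT1H", "updater.exe", "/check"),
    "every_50_min": make_task("PT50M", "example.exe", "--placeholder"),
    "every_3000_sec": make_task("PT3000S", "example.exe", "--placeholder"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        for interval, cmdline in find_repeating_tasks(xml_text):
            print(f"{name}: repeats {interval} -> {cmdline}")
```

A 50-minute repetition is only a lead for review: legitimate software can use the same interval, so each hit needs its command line checked before any conclusion is drawn.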