SECRET OF CSS

ChromeLoader: a simple vessel for more sinister threats


Malicious actors are becoming more cunning every day, exploiting software and system vulnerabilities as opportunities present themselves. One of the main ways they gain access to systems is through social engineering. One of the latest malware campaigns to reach the headlines in the last month is called ChromeLoader. After a reasonably consistent volume since the beginning of the year, detections of this malware have increased, making it a widespread and realistic danger.

Although something like a browser hijacker might not rate high on the security radar, it should. Even something as “basic” as ChromeLoader can have a significant influence on an organization’s cyber security compliance efforts, and expert knowledge can add value and improve compliance. By implementing up-to-date anti-virus solutions and partnering with a specialist in the field of vulnerability management, organizations can effectively address their cyber security needs.

Sepiocyber.com is a third-party specialist who can provide cyber vulnerability services to organizations that understand the value of their data and systems.

Meet Choziosi aka ChromeLoader

ChromeLoader is a persistent browser hijacker that alters victims’ browser settings and redirects traffic to advertising websites. The malware is spread as an ISO file that poses as a cracked video game or pirated movie to trick people into running it. It was initially discovered on the social media platform Twitter, where malicious actors posted QR codes as download links for pirated software and media. When unsuspecting users impulsively followed the link, they were directed to download a tainted ISO file.

After infecting the host operating system, it takes the form of a browser add-on, both in Google Chrome on Microsoft Windows and in Safari on the Macintosh.

Industry security specialists discovered that the ISO file is made up of two parts: “_meta.txt” and “downloader.exe”. The former contains an encrypted PowerShell script and the latter is needed to decode it. The PowerShell script creates a scheduled task called “ChromeTask” (the name may change) that runs every ten minutes. The PowerShell script also downloads the malicious Google Chrome browser plugin, “archive.zip”. Some victims of this infection have complained that their Chrome browsers keep closing themselves owing to the task repetition, an oversight that likely encourages swifter detection of ChromeLoader.
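The persistence described above, a scheduled task that fires every ten minutes and launches PowerShell, is something a defender can hunt for directly. The following Python script is an added example, not code from the article or from any ChromeLoader sample. It relies on the fact that Windows stores each scheduled task as an XML file under %SystemRoot%\System32\Tasks (the Task Scheduler XML namespace and the `Repetition/Interval`, `Actions/Exec/Command` elements are the standard ones), walks that tree, and reports tasks whose trigger repeats at a short interval and whose action runs PowerShell. The 15-minute threshold and the two sample task definitions are constructed for the example; `QUJD` in the sample arguments is just base64 of "ABC", not a real payload.

```python
"""Hunt for scheduled tasks that re-run every few minutes and launch PowerShell.

Added example (not from the article). Windows keeps every scheduled task as an
XML file under %SystemRoot%\\System32\\Tasks; this walks that tree (or any
directory you pass on the command line) and flags tasks shaped like the
"ChromeTask" persistence described above: a trigger repeating at a short
interval whose action executes powershell.exe.
"""
import os
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Task Scheduler's XML namespace (fixed by Windows, not a page-specific value)
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
MAX_INTERVAL_MINUTES = 15          # assumption: anything this frequent deserves a look
TASKS_DIR = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "Tasks")


@dataclass
class Finding:
    task_path: str
    interval_minutes: float
    command: str
    arguments: str


def parse_iso_duration_minutes(value):
    """Convert a Task Scheduler duration ('PT10M', 'P1DT2H', ...) to minutes, or None."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value.strip())
    if not m:
        return None
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60


def analyse_task_xml(xml_data, task_path="<inline>"):
    """Return Findings for one task definition (str or bytes; on-disk files are UTF-16)."""
    root = ET.fromstring(xml_data)
    intervals = [parse_iso_duration_minutes(e.text or "")
                 for e in root.findall(".//t:Repetition/t:Interval", NS)]
    short = [i for i in intervals if i is not None and i <= MAX_INTERVAL_MINUTES]
    if not short:
        return []                          # no short repetition: not the pattern we hunt
    findings = []
    for exec_node in root.findall(".//t:Actions/t:Exec", NS):
        cmd = exec_node.findtext("t:Command", default="", namespaces=NS).strip()
        args = exec_node.findtext("t:Arguments", default="", namespaces=NS).strip()
        if "powershell" in cmd.lower() or "pwsh" in cmd.lower():
            findings.append(Finding(task_path, min(short), cmd, args))
    return findings


def scan_tasks_folder(root_dir):
    """Walk a Tasks folder and analyse every file that parses as a task definition."""
    findings = []
    for dirpath, _, filenames in os.walk(root_dir):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:   # bytes, so the XML declaration's encoding is honoured
                    findings.extend(analyse_task_xml(fh.read(), path))
            except (ET.ParseError, OSError):
                continue                        # not a task XML, or unreadable: skip it
    return findings


# Constructed sample: the shape of a ChromeTask-style definition (QUJD is base64 of "ABC").
SAMPLE_SUSPICIOUS_XML = """<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT10M</Interval></Repetition>
    <StartBoundary>2022-01-01T00:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>powershell.exe</Command>
    <Arguments>-WindowStyle Hidden -EncodedCommand QUJD</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed benign sample: still PowerShell, but only once a day, so it is not reported.
SAMPLE_BENIGN_XML = SAMPLE_SUSPICIOUS_XML.replace("PT10M", "P1D")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else TASKS_DIR
    if os.path.isdir(target):
        results = scan_tasks_folder(target)
    else:                                       # no Tasks folder here: demonstrate on the sample
        results = analyse_task_xml(SAMPLE_SUSPICIOUS_XML, "constructed sample")
    for f in results:
        print(f"{f.task_path}: every {f.interval_minutes:g} min -> {f.command} {f.arguments}")
```

Run it as an administrator on a Windows host (reading the Tasks folder needs elevated rights); anywhere else it falls back to the constructed sample. A hit is a lead, not a verdict: legitimate software also schedules PowerShell, so check the task's author, the script it points at and whether the arguments are encoded before acting on it.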

Why is this significant to your organization?

Although employees would typically not download and execute pirated software ISOs on company infrastructure, a much more sinister threat exists. Many modern browsers, including Chrome and Safari, have a built-in capability to synchronize personalized browser settings and extensions from the same browser on the user’s home computer.

When your employees synchronize browsers between their various devices, they can see and adjust their synchronized information, such as bookmarks, history, passwords, and extensions, across all of those devices. That includes browsers running on your business infrastructure and your organization’s network.

This could pose a significant threat to your business, since even this simplistic malware could easily be repurposed to monitor network communications and to log keystrokes at sensitive account logins.
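The sync path described above is one a managed Chrome deployment can close with policy, and a defender's first step is to check whether that policy is actually in place. The Python script below is an added example, not from the article. `SyncTypesListDisabled`, `ExtensionInstallBlocklist` and `ExtensionInstallAllowlist` are real Chrome enterprise policies; on Windows Chrome reads them from HKLM\SOFTWARE\Policies\Google\Chrome, where a list policy is a subkey whose values are named "1", "2", and so on. The two sample policy sets and the allowlist entry are constructed; the extension id is a placeholder.

```python
"""Audit Chrome's machine policy for the controls that stop a signed-in personal
profile from syncing its extensions onto a managed browser.

Added example, not from the article. The three policy names are real Chrome
enterprise policies; the registry layout is the standard one Chrome reads on
Windows (list policies are subkeys with values named "1", "2", ...).
"""
import sys

CHROME_POLICY_KEY = r"SOFTWARE\Policies\Google\Chrome"
LIST_POLICIES = ("SyncTypesListDisabled", "ExtensionInstallBlocklist", "ExtensionInstallAllowlist")


def read_chrome_policy():
    """Read the three list policies from HKLM; returns {} when not on Windows."""
    if sys.platform != "win32":
        return {}
    import winreg
    policy = {}
    for name in LIST_POLICIES:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CHROME_POLICY_KEY + "\\" + name)
        except OSError:
            continue                      # policy not set on this host
        with key:
            values, index = [], 0
            while True:
                try:
                    _, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break                 # no more values under this list policy
                values.append(str(data))
                index += 1
        policy[name] = values
    return policy


def policy_gaps(policy):
    """Return human-readable gaps; an empty list means the controls are in place."""
    gaps = []
    disabled = {v.lower() for v in policy.get("SyncTypesListDisabled", [])}
    if "extensions" not in disabled:
        gaps.append("SyncTypesListDisabled lacks 'extensions': a signed-in personal "
                    "profile will pull its extensions onto this browser")
    blocklist = policy.get("ExtensionInstallBlocklist", [])
    allowlist = policy.get("ExtensionInstallAllowlist", [])
    if "*" not in blocklist:
        gaps.append("ExtensionInstallBlocklist lacks '*': extensions install by default "
                    "unless blocked one by one")
    elif not allowlist:
        gaps.append("ExtensionInstallBlocklist is '*' but ExtensionInstallAllowlist is empty: "
                    "no extension can be installed at all (confirm this is intended)")
    return gaps


# Constructed policy sets: an unmanaged browser, and one with a default-deny extension posture.
UNMANAGED = {}
HARDENED = {
    "SyncTypesListDisabled": ["extensions", "apps"],
    "ExtensionInstallBlocklist": ["*"],
    "ExtensionInstallAllowlist": ["EXAMPLE_EXTENSION_ID_PLACEHOLDER"],  # placeholder, not a real id
}

if __name__ == "__main__":
    for label, pol in (("this host", read_chrome_policy()), ("constructed hardened sample", HARDENED)):
        gaps = policy_gaps(pol)
        print(f"{label}: {'OK' if not gaps else str(len(gaps)) + ' gap(s)'}")
        for g in gaps:
            print("  -", g)
```

Disabling extension sync stops new extensions arriving through the personal profile; the blocklist/allowlist pair is what keeps an extension that is already present from running, so both are worth checking. Safari on macOS is covered by separate controls and is outside this script's scope.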

How to address this risk

The process of determining the possible financial impact of a cyber-attack is known as cyber risk quantification (CRQ). Quantifying cyber risks allows for more informed decision-making, allowing security professionals to prioritize which threats and vulnerabilities to address first.

A vulnerability assessment gives information on any security flaws in an organization’s environment and on how to evaluate the risk associated with each flaw. This method gives the company a greater awareness of its security issues.

Your organization holds a lot of sensitive information, which needs to be protected from viruses and malicious actors. Antivirus and antimalware software help keep it safe. If client information or corporate communications are leaked online, the organization’s reputation will be jeopardized.

It is crucial that every organization keeps a close eye on its network and identifies possible vulnerabilities. As discussed in this article, even something that might be seen as a trivial risk, like a browser extension, could cause serious damage, and even trusted channels, such as browser synchronization, might expose you to risk. Organizations need a partner who specializes in tracking down new and emerging vulnerabilities to stay on top of their cyber security game.
