THERE’S a nasty piece of malware on the loose that’s targeting billions of people worldwide who use Google Chrome.
According to cyber security experts, the software takes over victims’ browsers in a bid to trick them into accessing dodgy websites.
1
Those web pages, which are run by hackers, can steal your data and possibly swindle your passwords and bank account details.
The malware, called ChromeLoader, was spotted by researchers at U.S. cyber security outfit RedCanary.
In a recent blog post, the firm’s Aedan Russell said that experts had been tracking the threat since February.
He said: “We’ve observed what appears to be a resurgence in ChromeLoader activity.”
ChromeLoader gets onto people’s PCs inside files posing as a pirated video game, movie or TV show distributed through torrent sites.
Once on your computer, it eventually manifests as a browser extension that links up with Chrome unnoticed.
From here, the malware changes a user’s browser settings to display search results and ads for bogus sites.
These websites are largely harmless but can hide far more sinister activity.
Most read in Tech
For instance, hackers could use them to trick people by posing as a social media platform or bank.
If a visitor is hoodwinked, they could then unwittingly share their account credentials or bank account details with crooks.
Russell wrote: “ChromeLoader uses PowerShell to inject itself into the browser and add a malicious extension to it.
“This is a technique we don’t see very often (and one that often goes undetected by other security tools).”
He later outlined the worst-case scenario for this kind of malware.
“If applied to a higher-impact threat—such as a credential harvester or spyware this PowerShell behaviour could help malware gain an initial foothold and go undetected,” Russell said.
He added that it could then “perform more overtly malicious activity, like exfiltrating data from a user’s browser sessions.”
To protect yourself from the malware, be extra careful when clicking any links to ensure they don’t take you to a website you don’t know.
When downloading files, make sure you trust whoever sent it to you. Don’t open any files that you do not recognise.
Generally speaking, if something doesn’t feel right – trust your gut and leave the file or website well alone.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
