Fake warez sites propagate the new Shampoo ChromeLoader

July 12, 2023

The new Shampoo ChromeLoader campaign has been infecting visitors to pirated-movie and warez sites in order to hijack their browsers and push adware. Based on reports, the campaign has been operating since March this year and has already infected numerous individuals.

ChromeLoader is a web browser hijacker that forcibly installs browser extensions which redirect search results to promote unwanted content, such as fake giveaways, adult games, irrelevant results, surveys, and software offers.

Shampoo is the latest in a string of ChromeLoader campaigns observed since last year.


According to an investigation, the Shampoo ChromeLoader is the newest case of ChromeLoader distribution since last year. In addition, these ChromeLoader attacks could now target macOS systems alongside Windows.

VMware and Microsoft have previously warned about another ChromeLoader campaign that included an experimental capability to deploy additional malware and ransomware strains. Earlier this year, a separate researcher also discovered a ChromeLoader campaign that distributed VHD files named after well-known video games.

Furthermore, a ChromeLoader campaign last March spread through a network of malicious websites that promised free downloads of copyrighted video games, movies, and music. Instead of the promised media files or software installers, the lured victims downloaded VBScripts that ran PowerShell scripts. The scripts set up a scheduled task with a "chrome" prefix for persistence.

Additionally, the task triggered a chain of scripts that downloaded a new PowerShell script, stored it in the host's registry under "HKCU:\Software\Mirage Utilities\", and retrieved the Shampoo Chrome extension.
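The two persistence artifacts described above (a scheduled task whose name starts with "chrome" that launches a script host, and the HKCU:\Software\Mirage Utilities\ registry key) can be checked for on a Windows host with a short hunting script. This is an added example, not code from the article or the researchers it cites; it assumes the task-name prefix and registry path exactly as the article states them.

```powershell
# Added example (not from the original article): hunt for the persistence artifacts
# the article attributes to the Shampoo ChromeLoader infection chain.
# Assumptions: task name begins with "chrome" (case-insensitive match via -like) and
# the drop location is HKCU:\Software\Mirage Utilities, as stated in the article.

$findings = @()

# 1. Scheduled tasks with a "chrome" prefix whose action launches PowerShell or a
#    Windows Script Host binary (the article describes VBScript running PowerShell).
Get-ScheduledTask | Where-Object { $_.TaskName -like 'chrome*' } | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'powershell|pwsh|wscript|cscript') {
            $findings += [pscustomobject]@{
                Type   = 'ScheduledTask'
                Name   = $task.TaskName
                Path   = $task.TaskPath
                Detail = $cmd
            }
        }
    }
}

# 2. The registry key the article names as the storage point for the downloaded
#    PowerShell stage. Any value under it is reported with a short preview of its data.
$regPath = 'HKCU:\Software\Mirage Utilities'
if (Test-Path -LiteralPath $regPath) {
    $key = Get-Item -LiteralPath $regPath
    foreach ($valueName in $key.GetValueNames()) {
        $data = $key.GetValue($valueName)
        $text = "$data"
        $preview = $text.Substring(0, [Math]::Min(80, $text.Length))
        $findings += [pscustomobject]@{
            Type   = 'RegistryValue'
            Name   = "$regPath\$valueName"
            Path   = $regPath
            Detail = $preview
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Shampoo ChromeLoader persistence artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it in the context of the user whose profile is being checked, since HKCU resolves to the current user's hive; a hit on either check warrants reviewing the installed Chrome extensions and the task's script contents before removal.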

Shampoo is a ChromeLoader variant that injects adverts into websites the victims commonly visit and redirects their search queries. A separate researcher observed that searches made in Shampoo-infected browsers, including Google searches, are redirected to a website called ythingamgladt[.]com and then on to Bing search results.

Once the malicious ChromeLoader extension is installed, victims can no longer open the Chrome extensions screen: any attempt to reach it is redirected to the Chrome settings screen instead.

Cybersecurity experts believe these recent campaigns are financially motivated adware operations that generate revenue from injected advertisements and search redirects.
