These Pirated Media Sites are Pushing a New Chromeloader Malware

Sites that claim to offer free downloads of pirated content can often be extremely risky to visit because of the fact that this is the sort of thing that could potentially end up infecting your system with a dangerous malware. It turns out that a new Chromeloader malware named Shampoo has been making the rounds, and countless fake sites have cropped up to help propagate it with all things having been considered and taken into account.

Wolf Security, the threat analysis team working at HP, recently revealed the presence of this malware stating that it has been going around since at least March of 2023. With all of that having been said and now out of the way, it is important to note that this is the latest in a long line of Chromeloader malwares that have been wreaking havoc with regular users online.

The way this malware works is that a browser extension is force installed onto the user’s system. Once this is done, users will find themselves constantly getting redirected to suspicious looking websites that have false offers of giveaways and the like. None of these search results will be relevant to the keywords that the user put in, and they can make it harder for them to steer clear of unwanted and fictitious promotional offers than might have been the case otherwise.

Shampoo has the same search query redirection aspect to it, but in spite of the fact that this is the case, it also tends to incorporate ads onto each and every website that a user may end up visiting. Users that make the mistake of downloading this extension will not be able to open the extensions menu either, thereby making it considerably more difficult for them to remove the extension that is causing so many disruptions in their internet usage.

Even if the extension is installed, it comes with a looping script that creates a scheduled task in the operating system which makes it so that the extension gets automatically downloaded as soon as the user attempts to delete it. That makes this Chromeloader malware exceptionally tricky to remove.

Read next: Over 100 Brands Were Impersonated in This Massive Phishing Campaign
Previous Post Next Post