Gamers Being Targeted with ChromeLoader Malware Using False Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed spreading through virtual hard disk (VHD) files, a departure from the ISO optical disc image format. First seen in January 2022 as a browser-hijacking credential stealer, ChromeLoader (also known as Choziosi Loader or ChromeBack) has since developed into a more sophisticated, multifaceted threat that is capable of stealing sensitive data, deploying ransomware, and even delivering decompression bombs.

“These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,” AhnLab Security Emergency Response Center (ASEC) said in last week’s report.

The malware’s main objective is to hijack web browsers such as Google Chrome and change their settings so that traffic is intercepted and redirected to questionable advertising websites. ChromeLoader has also become a tool for click fraud, using a browser extension to monetize clicks. The malware has gone through several iterations since it first appeared, many of which can target both Windows and macOS. The switch to VHD files is another sign that the campaign has been adjusted several times over the past few months.

The infection chain shows that the primary targets are people searching for video game hacks and unlicensed software, who end up downloading VHD files from shady websites that appear in search results. Elden Ring, Mario Kart 8 Deluxe, Red Dead Redemption 2, Dark Souls III, Call of Duty, The Legend of Zelda: Breath of the Wild, Super Mario Odyssey, Need for Speed, Microsoft Office, and Adobe Photoshop are a few of the games and well-known applications used as lures.

According to ASEC researchers, a user who downloads a VHD file this way may easily mistake the malicious VHD file for a game-related application. Disguising malware as cracked software and game hacks is a technique used by many threat actors. To reduce these risks, users are advised to avoid clicking suspicious links and to download software only from legitimate sources.
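For defenders who want to triage a downloads folder for the delivery format described above, the following added example (not code from ASEC or from this article) identifies VHD images by their `conectix` footer cookie rather than by extension, and marks those whose names match lure terms. The keyword list is an assumption built from the titles the article names, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

VHD_COOKIE = b"conectix"  # first 8 bytes of the VHD footer
FOOTER_SIZE = 512         # the footer sits at the end of the file

# Assumed keyword set: "hack"/"crack" plus some titles the article lists.
LURE_TERMS = re.compile(
    r"hack|crack|elden.?ring|mario|zelda|dark.?souls|red.?dead|"
    r"call.?of.?duty|need.?for.?speed|office|photoshop", re.IGNORECASE)


def is_vhd(path):
    """True if the file carries a VHD footer, whatever its extension."""
    path = Path(path)
    size = path.stat().st_size
    if size < FOOTER_SIZE:
        return False
    with path.open("rb") as fh:
        head = fh.read(len(VHD_COOKIE))  # dynamic disks mirror the footer at offset 0
        fh.seek(size - FOOTER_SIZE)
        tail = fh.read(FOOTER_SIZE)
    # Very old images use a 511-byte footer, so also accept the cookie one byte in.
    return head == VHD_COOKIE or tail.startswith(VHD_COOKIE) or tail[1:9] == VHD_COOKIE


def triage(directory):
    """Return {filename: verdict} for every VHD image directly under directory."""
    verdicts = {}
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file() and is_vhd(entry):
            lure = LURE_TERMS.search(entry.name)
            verdicts[entry.name] = "vhd-with-lure-name" if lure else "vhd"
    return verdicts


def build_constructed_samples(directory):
    """Write small constructed files (not real samples or real campaign filenames)."""
    footer = VHD_COOKIE + bytes(FOOTER_SIZE - len(VHD_COOKIE))
    d = Path(directory)
    (d / "Elden Ring crack.vhd").write_bytes(bytes(1024) + footer)
    (d / "backup-disk.img").write_bytes(bytes(1024) + footer)  # VHD, neutral name
    (d / "mario_hack.txt").write_bytes(b"plain text, no footer" * 40)
    (d / "tiny.vhd").write_bytes(b"conectix")                   # too small to be an image


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for name, verdict in triage(tmp).items():
            print(f"{verdict:20} {name}")
```

A name match alone is only a prioritization hint; the footer check is what establishes that a file is a mountable disk image.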

About the author

Yehudah Sunshine

Bringing together his diverse professional cyber know-how, intellectual fascination with history and culture, and eclectic academic background focusing on diplomacy and the cultures of Central Asia, Yehudah Sunshine keenly blends his deep understanding of the global tech ecosystem with a nuanced worldview of the underlying socio-economic and political forces which drive policy and impact innovation in the cyber sectors. Yehudah's current work focuses on how to create opportunities and/or enhance marketing strategies and elevate cyber-driven thought leadership for cyfluencer (www.cyfluencer.com), the cybersecurity thought leadership platform. Sunshine has written and researched extensively within cybersecurity, the service sectors, international criminal accountability, Israel's economy, Israeli diplomatic inroads, Israeli innovation and technology, and Chinese economic policy.
