ChromeLoader | Breaking Cybersecurity News | The Hacker News

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games," AhnLab Security Emergency response Center (ASEC)  said  in a report last week. ChromeLoader  (aka Choziosi Loader or ChromeBack) originally surfaced in January 2022 as a browser-hijacking credential stealer but has since evolved into a more potent,  multifaceted   threat  capable of stealing sensitive data, deploying ransomware, and even dropping  decompression bombs . The primary goal of the malware is to  compromise  web browsers like Google Chrome, and modify the browser settings to intercept and direct traffic to dubious advertising websites. What's more, ChromeLoader has emerged as a conduit to  carry out click fraud  by leveraging a browser extension to monetize cl

Cybersecurity researchers have uncovered new variants of the  ChromeLoader  information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter and free gaming sites. ChromeLoader has also been codenamed Choziosi Loader and ChromeBack by the broader cybersecurity community. What makes the adware notable is that it's fashioned as a browser extension as opposed to a Windows executable (.exe) or Dynamic Link Library (.dll). The infections typically work by enticing unsuspecting users into downloading movie torrents or cracked video games through malvertising campaigns on pay-per-install sites and social media. Besides requesting invasive permissions to access browser data and manipulate web requests, it's also designed t

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.