Fake ROBLOX and Nintendo game cracks drop ChromeLoader malware

What’s worse, in the new campaign, ChromeLoader malware evades detection by security software.

Beware of fake ROBLOX, Steam and Nintendo game cracks that may contain the ChromeLoader malware. Learn more about the threat and how to protect your device from this malicious software.

The cybersecurity researchers at AhnLab Security Emergency response Center (ASEC) have discovered a new ChromeLoader malware campaign in which hackers managed to bypass antivirus programs and other cybersecurity mechanisms. This campaign is dubbed uncommon due to the file type attackers have used to evade detection.

According to AhnLab researchers, the ChromeLoader malware campaign is distributed via VHD (virtual hard disk) files, which is a different choice because, usually, ISO optical disc image format files are used in such campaigns.

However, in this case, attackers have used VHD files, which are distributed with filenames that seem like cracks or hacks for Steam and Nintendo games. The objective is to modify browser settings by infecting web browsers, such as Google Chrome, and diverting traffic to bogus advertising websites. A VHD file can be easily mounted on a Windows device and works with most virtualization software as well.

Fake Steam and Nintendo game cracks drop ChromeLoader malware
One of the malicious websites (Screenshot credit: ACSE)

“When a VHD file is downloaded through this process, the user can easily mistake the malicious VHD file for a game-related program,” ASEC researchers said. “Disguising malware as game hacks and crack programs is a method employed by many threat actors,” researchers said in a blog post.

What is ChromeLoader?

ChromeLoader, also known as ChromeBack and Choziosi, surfaced first as a browser-hijacking credential stealer in January 2022. In May 2022, ChromeLoader malware was pushed into pirated games and QR codes.

Eventually, it evolved into a multi-faceted, potent threat capable of stealing sensitive user data, deploying ransomware, and dropping decompression bombs.

ChromeLoader can also conduct click fraud by leveraging browser extensions to monetize clicks. Many of its new versions can invade both macOS and Windows devices. The shift from ISO to VHD files indicates that ChromeLoader has undergone another round of upgrades.

Numerous Websites Promoting Fake Game Cracks/Hacks

Researchers noticed that several malicious websites were marketing cracked versions of famous games, including the following:

  • ROBLOX
  • Elden Ring
  • Dark Souls 3
  • Need for Speed
  • Mario Kart 8 Deluxe
  • Super Mario Odyssey
  • Call of Duty and more
  • Red Dead Redemption 2
  • The Legend of Zelda: Breath of the Wild

Additionally, software versions such as Adobe Photoshop and Microsoft Office are also marketed in this campaign.

Although the malicious websites hosting fraudulent game hacks and software versions have been taken offline, gamers and unsuspecting users should beware of this campaign.

Instead of downloading the game, they may receive ChromeLoader malware that can launch unwanted ads on their devices and steal credentials from web browsers and other saved data.

Users looking for pirated video game hacks and software are the key targets of attackers, who are lured into downloading VHD files from compromised websites appearing in search results.

  1. Malicious pirated games disable Windows Defender
  2. This malware hides in VPN, pirated security software
  3. Pirated software drop cryptomining malware on Macbook
  4. Pirated Version of Fire and Fury Book Loaded with Malware
  5. Inmates pirated movies from computers built with spare parts
Total
0
Shares
Related Posts