Beware of fake ROBLOX, Steam and Nintendo game cracks that may contain the ChromeLoader malware. Learn more about the threat and how to protect your device from this malicious software.
The cybersecurity researchers at AhnLab Security Emergency response Center (ASEC) have discovered a new ChromeLoader malware campaign in which hackers managed to bypass antivirus programs and other cybersecurity mechanisms. This campaign is dubbed uncommon due to the file type attackers have used to evade detection.
Hackers Using VHD Files As Popular Games Cracks
According to AhnLab researchers, the ChromeLoader malware campaign is distributed via VHD (virtual hard disk) files, which is a different choice because, usually, ISO optical disc image format files are used in such campaigns.
However, in this case, attackers have used VHD files, which are distributed with filenames that seem like cracks or hacks for Steam and Nintendo games. The objective is to modify browser settings by infecting web browsers, such as Google Chrome, and diverting traffic to bogus advertising websites. A VHD file can be easily mounted on a Windows device and works with most virtualization software as well.
“When a VHD file is downloaded through this process, the user can easily mistake the malicious VHD file for a game-related program,” ASEC researchers said. “Disguising malware as game hacks and crack programs is a method employed by many threat actors,” researchers said in a blog post.
What is ChromeLoader?
ChromeLoader, also known as ChromeBack and Choziosi, surfaced first as a browser-hijacking credential stealer in January 2022. In May 2022, ChromeLoader malware was pushed into pirated games and QR codes.
Eventually, it evolved into a multi-faceted, potent threat capable of stealing sensitive user data, deploying ransomware, and dropping decompression bombs.
ChromeLoader can also conduct click fraud by leveraging browser extensions to monetize clicks. Many of its new versions can invade both macOS and Windows devices. The shift from ISO to VHD files indicates that ChromeLoader has undergone another round of upgrades.
Numerous Websites Promoting Fake Game Cracks/Hacks
Researchers noticed that several malicious websites were marketing cracked versions of famous games, including the following:
- Elden Ring
- Dark Souls 3
- Need for Speed
- Mario Kart 8 Deluxe
- Super Mario Odyssey
- Call of Duty and more
- Red Dead Redemption 2
- The Legend of Zelda: Breath of the Wild
Additionally, software versions such as Adobe Photoshop and Microsoft Office are also marketed in this campaign.
Although the malicious websites hosting fraudulent game hacks and software versions have been taken offline, gamers and unsuspecting users should beware of this campaign.
Instead of downloading the game, they may receive ChromeLoader malware that can launch unwanted ads on their devices and steal credentials from web browsers and other saved data.
Users looking for pirated video game hacks and software are the key targets of attackers, who are lured into downloading VHD files from compromised websites appearing in search results.