New ‘Shampoo’ ChromeLoader malware pushed via fake warez sites


A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo.

The discovery of the new campaign comes from HP’s threat research team (Wolf Security), who report that the operation has been underway since March 2023.

ChromeLoader history

ChromeLoader is a browser hijacker that force-installs browser extensions that redirect search results to promote unwanted software, fake giveaways, surveys, adult games, dating sites, and other irrelevant results.

Roughly a year ago, analysts at Red Canary reported a sudden spike in ChromeLoader distribution that had started in February 2022, with macOS now targeted alongside Windows.

In September, VMware and Microsoft warned of another massive ChromeLoader campaign featuring the experimental ability to drop additional malware, including ransomware.

More recently, in February 2023, security researchers at ASEC discovered a campaign where ChromeLoader malware was distributed in VHD files named after popular video games.
