ChromeLoader Malware Attacking Gamers

Researchers at AhnLab's Security Emergency Response Center (ASEC) have recently uncovered a fresh wave of ChromeLoader malware that cybercriminals are using to evade antivirus software and other security defenses.

Because the attackers use an unusual file type in this campaign to avoid detection, the campaign has been described as an uncommon one.

The ChromeLoader campaign has deviated from the typical ISO optical disc image format: cybercriminals are now distributing the malware in virtual hard disk (VHD) files.

Cybercriminals are disguising virtual hard disk (VHD) files as hacks or cracks for popular Nintendo and Steam games as part of their distribution of the ChromeLoader malware campaign. 

The use of these deceptive file names is intended to lure unsuspecting users into downloading and running the malware, allowing attackers to gain access to sensitive information or take control of their systems.

Filenames Used in Malware Attacks

The filenames used during distribution are listed below:-

  • ELDEN RING Free Download (v1_08_1).vhd
  • Dark Souls 3 [FitGirl Repack]_part1_rar.vhd
  • Red Dead Redemption 2 Free Download (v1_0_1436_28).vhd
  • File_ Need for Speed Carbon Collectors Edition____.vhd
  • File_ Call of Duty Deluxe Edition_zip ___.vhd
  • File_ Portal_2_v2023_01_17_zip ___.vhd
  • File_ Minecraft – Story Mode_Complete Season_zi___.vhd
  • [NEW] ROBLOX _ Doors Script _ Hack _ Spawn Enti___.vhd
  • The Legend of Zelda_ Breath of the Wild SWITCH ___.vhd
  • Pokemon Ultra Moon_ Update 1_2 [Decrypted] 3DS ___ (1).vhd
  • Animal-Crossing-New-Horizons-Switch-NSPNSZXCI-U___.vhd
  • Mario Kart 8 Deluxe (NSP)(Booster Course DLC)(W___ (2).vhd
  • Super Mario Odyssey Switch NSP+ Update Free Dow___.vhd
  • Microsoft Office 2010 Free Download.vhd
  • Adobe Photoshop 2023 Free Download.vhd

The image below shows the contents of the VHD files:-

With the exception of the Install.lnk file, all other files associated with the ChromeLoader malware campaign have the “hidden” property enabled. This means that when viewed by ordinary users, only the Install.lnk file will be visible, hiding the other files from view. 

The primary executable in the ChromeLoader campaign is the Install.lnk file, which runs the properties.bat file. That batch file, in turn, uses a tar command to decompress the files.zip archive into the %AppData% path.
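As an added example (not code from the ASEC report or this article), the execution chain described above can be expressed as a simple detection rule over process-creation telemetry. The flattened log format, its field names and the drive-letter heuristic are assumptions made for this illustration, and the sample events are constructed:

```python
import re

# Constructed process-creation events in a flattened "key=value|..." form modelled on
# Sysmon Event ID 1 fields. They are not telemetry from the campaign in the article.
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\explorer.exe|ParentImage=C:\\Windows\\System32\\userinit.exe"
    "|CommandLine=explorer.exe",
    "Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=cmd.exe /c \"E:\\properties.bat\"",
    "Image=C:\\Windows\\System32\\tar.exe|ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=tar -xf E:\\files.zip -C C:\\Users\\alice\\AppData\\Roaming",
    "Image=C:\\Windows\\System32\\tar.exe|ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=tar -xf C:\\Users\\bob\\Downloads\\logs.tar -C C:\\Temp\\logs",
]

def parse_event(line):
    """Split one flattened event into a dict of its fields."""
    return dict(field.split("=", 1) for field in line.split("|"))

def tar_destination(cmdline):
    """Return the directory passed to tar's -C option, or None if absent."""
    m = re.search(r'-C\s+"?([^"]+?)"?\s*$', cmdline)
    return m.group(1) if m else None

def is_suspicious_tar_extract(event):
    """Flag tar.exe, spawned by cmd.exe, extracting an archive that lives on a
    non-system drive (where a mounted VHD gets a letter) into the user's AppData
    tree. The drive-letter rule is a heuristic chosen for this example."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith("\\tar.exe") or not parent.endswith("\\cmd.exe"):
        return False
    args = cmd.split()
    if len(args) < 2 or "x" not in args[1].lstrip("-"):
        return False                      # not an extraction
    dest = tar_destination(cmd)
    if not dest or "\\appdata\\" not in dest.lower():
        return False                      # not landing in AppData
    sources = [a for a in args[2:] if re.match(r"^[A-Za-z]:\\", a) and a != dest]
    return any(not s.upper().startswith("C:\\") for s in sources)

def find_alerts(lines):
    """Return the command line of every event that matches the detection."""
    return [parse_event(l)["CommandLine"] for l in lines
            if is_suspicious_tar_extract(parse_event(l))]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Only the third event is flagged: the benign extraction of a download into C:\Temp shares the same tar.exe parent chain but neither lands in AppData nor reads from a non-system drive.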

Primary Target of Attackers

At the core of the ChromeLoader malware’s functionality is its ability to compromise popular web browsers, such as Google Chrome. By gaining access to a user’s browser, the malware can then modify various browser settings, redirecting internet traffic to potentially harmful websites.

By doing so, cybercriminals aim to generate revenue from ad clicks and other unethical activities. However, the malware’s impact can go beyond simple advertising fraud, with attackers potentially gaining access to sensitive user data and other valuable information.

Conducting a Google search using any of the filenames associated with the ChromeLoader malware campaign reveals multiple websites that are distributing illegal software, including game hacks and cracks. 

These results often appear at the top of the search results page, and cybercriminals use these sites to distribute the malware to unsuspecting users.

Initially appearing as a credential-stealing browser hijacker, the ChromeLoader malware (also known as Choziosi Loader or ChromeBack) emerged in January 2022. 

Since then, this malicious software has undergone significant evolution, transforming into a more sophisticated and versatile threat that is capable of carrying out a range of malicious activities like:-

  • Stealing sensitive data
  • Deploying ransomware
  • Dropping decompression bombs

To minimize the risk of falling victim to malware threats like the ChromeLoader campaign, it is essential to adopt safe browsing habits and avoid following suspicious links. 

Additionally, users should only download software from official sources and avoid downloading files from unknown or unverified sources. These simple steps can significantly reduce the risk of inadvertently downloading and installing malware on your system.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.