This Windows malware uses PowerShell to inject malicious extension into Chrome

A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari. The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and …

  1. chivo243 Silver badge
    Happy

    Weird first sentence?

    a strain of Windows?? No, I haven't been round the pub... yet! Maybe a strain of Malware? But perhaps you're right!

    1. SsiethAnabuki

      Re: Weird first sentence?

      "strain of windows" sounds about right, to me ;p

      1. Strahd Ivarius Silver badge

        Re: Weird first sentence?

        Probably Windows 11...

        Wondering however how many pints were ingested before writing this piece, considering the many incomprehensible sentences...

  2. Pascal Monett Silver badge
    Windows

    More of the usual

    "ChromeLoader creates its scheduled task via injection into the Service Host (svchost.exe), using functionality from an imported Task Scheduler COM API"

    Typical Borkzilla. More full of holes than Swiss cheese.

    1. Ken Hagan Gold badge

      Re: More of the usual

      Sounds a lot like you need to run that "game" (that you downloaded from a dodgy web site) as an admin. If so, I hardly think it counts as a hole. I could "inject" malware into crontab on a Linux system if I had the privileges. It's what the damn thing is designed for!

      It is fun to see different examples of the mischief that people can get up to once they've taken over your system and it gives us more examples to use to convince our friends that they really shouldn't be running anything as admin if they can possibly avoid it, and certainly not if they've got it from a "helpful" site that meant they didn't have to pay for it. But it is hardly news.

      1. badflorist

        Re: More of the usual

        Or simply mount the ISO *if* "Autorun" is enabled. I have no Windows machine to try, but I thought autorun being on by default was changed in Vista (or after the Sony rootkit scandal... long time ago).

        1. Anonymous Coward

          Re: More of the usual

          "I thought autorun being on by default was changed in Vista"

          I was wondering the same thing.

          I know there was a big problem with USB flashdrives back in the Windows XP days that contained a hidden, read-only partition that held an ISO image like a CD-ROM to autorun portable apps through U3 technology that was being abused.

          A hacked (Memorex?) program allowed you to modify this ISO to inject your own ISO to autorun the executables hidden in your ISO.

          https://www.raymond.cc/blog/hack-u3-usb-smart-drive-to-become-ultimate-hack-tool/

    2. HildyJ Silver badge
      Facepalm

      Re: More of the Needed usual

      "using functionality from an imported Task Scheduler COM API"

      I guess you never worked in an organization's IT shop.

      Many organizations want to run the same tasks on all their machines. Third party task schedulers facilitate this process. But for it to work Microsoft's Task Scheduler HAS to have an import mechanism.
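The import mechanism HildyJ describes is the same Task Scheduler COM API an administrator can use to audit what is already registered. The script below is an added example, not code from the article, from ChromeLoader, or from any commenter: it walks every task folder through the Schedule.Service COM object and flags executable actions that match a few generic review heuristics (encoded or hidden-window PowerShell, a browser started with --load-extension, binaries launched from user-writable folders). The indicator patterns are assumptions chosen for illustration, not a description of any specific malware family's tasks, and they will need tuning for a given estate.

```powershell
# Added example (not from the article or the comments above): enumerate scheduled
# tasks via the Task Scheduler COM API and flag actions worth a defender's review.
# The patterns in $suspicious are illustrative assumptions, not known IoCs.
$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()   # local machine; Connect('hostname') audits a remote box

# Heuristics applied to "<action path> <action arguments>". Expect false positives;
# legitimate admin tooling also uses hidden PowerShell windows.
$suspicious = @(
    @{ Name = 'Encoded PowerShell';            Pattern = 'powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b' },
    @{ Name = 'Hidden-window PowerShell';      Pattern = 'powershell(\.exe)?\b.*\s-w(indowstyle)?\s+hidden' },
    @{ Name = 'Browser side-loaded extension'; Pattern = '(chrome|msedge)\.exe.*--load-extension' },
    @{ Name = 'Runs from user-writable path';  Pattern = '\\(AppData|Temp|Downloads)\\' }
)

function Get-AllTasks($folder) {
    # GetTasks(1) = TASK_ENUM_HIDDEN, so hidden tasks are included; recurse into subfolders.
    foreach ($task in $folder.GetTasks(1)) { $task }
    foreach ($sub in $folder.GetFolders(0)) { Get-AllTasks $sub }
}

$findings = foreach ($task in Get-AllTasks $service.GetFolder('\')) {
    foreach ($action in $task.Definition.Actions) {
        if ($action.Type -ne 0) { continue }          # 0 = TASK_ACTION_EXEC; skip COM/email/message actions
        $cmdline = "$($action.Path) $($action.Arguments)"
        foreach ($rule in $suspicious) {
            if ($cmdline -imatch $rule.Pattern) {
                [pscustomobject]@{
                    Task      = $task.Path
                    Indicator = $rule.Name
                    RunAs     = $task.Definition.Principal.UserId
                    RunLevel  = $task.Definition.Principal.RunLevel   # 1 = TASK_RUNLEVEL_HIGHEST (elevated)
                    Command   = $cmdline
                }
            }
        }
    }
}

$findings | Sort-Object Task, Indicator | Format-Table -AutoSize
```

Run it from an elevated prompt so that tasks registered under other principals are visible; the RunLevel column is the quickest way to see which flagged tasks execute with administrator rights, which is exactly the point Ken Hagan makes above about not running downloaded "games" as admin.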

  3. Version 1.0 Silver badge

    How about a new OS?

    "Windows" are normally easily opened for the fresh air and insects to fly through the room, maybe we should switch to a new OS called "Stonewall"?

    Modern things are designed to be easy to use, that's far more important to the creators than stone wall security. So nothing much is going to change until we create a new OS that is totally secure, maybe it will be hard to add the modern "easy to use" features but I think that safer to use is where we need to head to these days.

    1. Binraider Silver badge

      Re: How about a new OS?

      The totally secure OS is a myth, because people. Even an embedded, off-network system usually has some means of personnel interaction at some level. And it might not be so off network as you thought.

      Checks and balances; multiple layers, audit and penetration testing are necessary to stay on top of one's game. Changing personnel and skillsets doing those tasks is also recommended.

      This is paranoid, but working on the assumption that everything either is, or will be broken in your tenure is a necessary evil when you actually do have something worth securing to that extent.

      In consumer OS land; Windows, Apple, Android or iOS; basically you're screwed. So don't put material you care about securing on them. (Some variants are better than others - but none by any means ideal).

      1. TimMaher Silver badge
        Alert

        ...and...

        Always keep a secure, validated, offline backup.

    2. Anonymous Coward

      Re: How about a new OS?

      1 thumb up for "safer to use" and 3 thumbs down by "easier to use" voters today ... does this indicate that the hacked vs secure ratio is 3:1? Guess so, that sounds like the current situation.

  4. Steve Davies 3 Silver badge
    Coat

    Why?

    In my book, anything coming from Google is malware. How can this extension (malicious or not) make it worse?

    Coat... with a bottle of anti-fungicide (google version) in the pocket


Biting the hand that feeds IT © 1998–2022