ChromeLoader, what took you so long? Malvertising irritant now slings ransomware

ChromeLoader – the malware that exploded onto the scene this year by hijacking browsers to redirect users to pages of ads – is apparently evolving into a more significant threat by deploying malicious payloads that go beyond malvertising. Variants of the software nasty have been seen dropping ransomware on Windows PCs and …

  1. Tubz Silver badge
    Trollface

    How dare anybody else show unwanted adverts in your browser or anywhere else, that's Meta, Google and Microsoft's job ! They are stealing the food from the mouths of overpaid execs, will nobody stop and think of them.

  2. Andy Non Silver badge
    Facepalm

    Some folks just ask for problems.

    "ChromeLoader is typically delivered in ISO image files that marks are tricked into downloading, opening, and running the contents of"

    Knowingly downloading what they think is illegal content, from an unknown, untrusted source. Anyone dumb enough to do that almost deserves what they get.

    1. Diogenes8080

      Re: Some folks just ask for problems.

      Truth, but there are many ways to trick a user. A wiser counsel might be "should this recipient ever need to receive an ISO attachment?" Exempt your techs and block for everyone else, at least from external sources.
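      The policy sketched in that comment (block ISO attachments from external senders, exempt a short list of technical staff) can be expressed as a simple gateway rule. The following is an added example, not code from the commenter or from The Register; it assumes a hypothetical mail gateway that hands the filter the sender, recipient and raw attachment bytes, and uses constructed placeholder domains and addresses. It goes slightly beyond the comment by also recognising an ISO 9660 image by its volume-descriptor magic, so a renamed `.iso` does not slip past an extension-only check.

```python
"""Inbound attachment policy for ISO images (added example, not from the thread).

Assumptions (hypothetical, not from the page): a mail gateway calls
attachment_verdict() with the envelope sender, one recipient and the decoded
attachment; INTERNAL_DOMAIN and ISO_ALLOWED_RECIPIENTS are constructed values.
"""
from dataclasses import dataclass

INTERNAL_DOMAIN = "example.com"  # constructed placeholder for the organisation's domain
# Constructed placeholder list of technical staff allowed to receive ISO files.
ISO_ALLOWED_RECIPIENTS = {"helpdesk@example.com", "sysadmin@example.com"}
# Extensions treated as disc images for the purpose of this rule.
ISO_EXTENSIONS = (".iso", ".img", ".udf")

# ISO 9660 primary volume descriptor: the identifier "CD001" sits at byte 0x8001
# (sector 16 of 2048 bytes, one byte past the descriptor type field).
ISO9660_MAGIC_OFFSET = 0x8001
ISO9660_MAGIC = b"CD001"


@dataclass
class Attachment:
    filename: str
    data: bytes


def is_iso_image(att: Attachment) -> bool:
    """True if the attachment looks like a disc image by name or by content."""
    if att.filename.lower().endswith(ISO_EXTENSIONS):
        return True
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    # Content check: catches an ISO that was renamed to e.g. invoice.pdf.
    return len(att.data) >= end and att.data[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def is_external(sender: str) -> bool:
    """Sender is external unless it belongs to the internal domain."""
    return not sender.lower().endswith("@" + INTERNAL_DOMAIN)


def attachment_verdict(sender: str, recipient: str, att: Attachment) -> tuple:
    """Return ('allow' | 'block', reason) for one attachment on one recipient.

    Rule, as in the comment above: ISO images from external senders are blocked
    unless the recipient is on the technical-staff allowlist; everything else
    is left to the rest of the mail pipeline.
    """
    if not is_iso_image(att):
        return ("allow", "not a disc image")
    if not is_external(sender):
        return ("allow", "disc image from internal sender")
    if recipient.lower() in ISO_ALLOWED_RECIPIENTS:
        return ("allow", "disc image to allowlisted technical recipient")
    return ("block", "disc image from external sender to non-technical recipient")


if __name__ == "__main__":
    # Constructed sample messages; the ISO body is a minimal fake image that only
    # carries the volume-descriptor identifier at the expected offset.
    fake_iso = bytes(ISO9660_MAGIC_OFFSET) + ISO9660_MAGIC
    samples = [
        ("billing@outside.test", "alice@example.com", Attachment("setup.iso", b"")),
        ("billing@outside.test", "alice@example.com", Attachment("invoice.pdf", fake_iso)),
        ("billing@outside.test", "helpdesk@example.com", Attachment("setup.iso", b"")),
        ("bob@example.com", "alice@example.com", Attachment("setup.iso", b"")),
        ("billing@outside.test", "alice@example.com", Attachment("report.pdf", b"%PDF-1.4")),
    ]
    for sender, rcpt, att in samples:
        verdict, why = attachment_verdict(sender, rcpt, att)
        print(f"{sender} -> {rcpt} [{att.filename}]: {verdict} ({why})")
```

      The content check is deliberately narrow: it only looks for the ISO 9660 identifier, so a gateway that already runs a file-type library should prefer that over this hand-rolled check.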

    2. WolfFan

      Re: Some folks just ask for problems.

      Never underestimate the idiocy of those who must have certain software, but don’t want to pay. Way back when, in the heyday of the peer-to-peer ‘sharing’ sites, Microsoft released a new version of Office for Windows and Mac. Certain people wanted the full version, with all the apps, even if they only used Excel and Word and maybe PowerPoint a few times a year. The full version cost $600+. So some went on various ‘sharing’ sites to get it. Someone put something labeled the full installer for Office for Mac, and something else allegedly the installer for Office for Windows. In both cases the ‘installer’ was under 200kB in size. The full installer was in excess of 600 MB, how much in excess depending on whether it was the Mac or Windows version. What this thing did was erase things. On a Mac it would delete the user’s files and folders, unless the user was an admin, in which case it would erase the drive. On Windows it would just erase the drive.

      Microsoft denied having anything to do with it. Sure they didn’t.

      Personally, I just told the idiots who got nailed by it that perhaps they should have wondered how a 200k installer was going to install the hundreds of megabytes of files required for Office. Did they really think that the thing would download the required data from MS, and that MS wouldn’t notice? Really? Or was it just really well compressed? Or was actual thought not involved in the first place?

      Idiots.

      I would ask them if they had backups, knowing that the answer would be ‘no’.

      Idiots in the lower range of idiots, below even the level occupied by Tory MPs.

      1. DJV Silver badge

        Re: below even the level occupied by Tory MPs

        Crikey, I didn't realise you could even get lower than that!

        1. James O'Shea Silver badge

          Re: below even the level occupied by Tory MPs

          Trump Republicans can.

    3. steviebuk Silver badge

      Re: Some folks just ask for problems.

      The Sony rootkit didn't come from illegal content but bent business practices. This could also come from the same.

  3. Anonymous Coward
    Anonymous Coward

    Chrome in name, arbitrary code execution in fact

    The fact that Carbon Black was treating this as an "annoyance" instead of a serious threat makes me uneasy. This is an executable code dropper. The fact that its initial payload was a malvertising browser plugin just means that was their first paying customer. Treating them as an annoyance is just as dumb as treating someone who was tampering with pill bottles lightly because the first time they did it they substituted generic drugs for name brand. What they may do next is always an issue. If that risk is ransomware or fentanyl-based counterfeits, it's a threat, not an annoyance, and needs to be handled as such.

  4. DS999 Silver badge

    One of the few advantages of a browser monoculture

    Criminals are unlikely to bother developing a complex multistage exploit for Firefox, because they get a much bigger bang for the buck going after Chrome and Edge.

  5. mark l 2 Silver badge

    Since the malware is taking people to a page full of ads, surely it should be possible for the authorities to identify which ad network is serving the ads and get them to shut the scammers' account and cut off their revenue stream?
