Experts Warn About ‘ChromeLoader’ Malware in Google Chrome – Here’s How to Check if You Are Safe

Security researchers are warning of a new browser-hijacking malware script affecting Google Chrome called “ChromeLoader.” Here’s how to tell if you’re at risk.

Threatpost reports that security researchers have begun warning of a new browser-hijacking malware called ChromeLoader. The malware attempts to hijack users’ Google Chrome web browsers and redirect them to advertising websites and other malicious pages, but it differs from other malware in that it uses Windows PowerShell, expanding its capabilities.

ChromeLoader manifests as a browser extension, modifying victims’ Chrome settings and redirecting user traffic. On Windows machines, victims are most likely to become infected with the virus via ISO files posing as video games or pirated films and TV shows.

ChromeLoader uses PowerShell to inject itself into the browser and add a malicious extension. Aedan Russell from Red Canary’s Detection Engineering team warned in a blog post that this is “a technique we don’t see very often (and one that often goes undetected by other security tools).”

He added: “If applied to a higher-impact threat—such as a credential harvester or spyware—this PowerShell behavior could help malware gain an initial foothold and go undetected before performing more overtly malicious activity, like exfiltrating data from a user’s browser sessions.”

Researchers have suggested a number of methods for users to avoid the virus. One obvious tip is to avoid downloading illegal software or videos.

But if a user is worried that their computer has been infected, they can check for ChromeLoader by following these steps:

  • Click the settings button on Google Chrome
  • Select “More Tools -> Extensions”
  • Look through all the installed extensions in the browser. If you don’t remember installing or approving an extension, consider disabling it.
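
The same review can be done from disk when many machines need checking. The script below is an added example, not code from the article or from Red Canary: it assumes Chrome's per-profile `Extensions/<ID>/<version>/manifest.json` layout, and the list of "broad" permissions and the sample profile it builds are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Permissions that let an extension read or redirect traffic (list chosen for this example).
BROAD = {"<all_urls>", "tabs", "webRequest", "webNavigation", "proxy", "management"}
HOST_WILDCARDS = ("*://*/", "http://*/", "https://*/")

def list_extensions(profile_dir):
    """One record per Extensions/<32-character ID>/<version>/manifest.json found."""
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return []
    records = []
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still report the ID
        manifest = manifest if isinstance(manifest, dict) else {}
        perms = []
        for key in ("permissions", "host_permissions"):  # MV2 and MV3 fields
            value = manifest.get(key)
            perms += [p for p in value if isinstance(p, str)] if isinstance(value, list) else []
        records.append({
            "id": manifest_path.parent.parent.name, "version": manifest_path.parent.name,
            "name": manifest.get("name", "<unreadable manifest>"),
            "broad_permissions": sorted(
                p for p in perms if p in BROAD or p.startswith(HOST_WILDCARDS)),
        })
    return records

def build_sample_profile(root):
    """Write a constructed profile with two made-up extensions for the demo."""
    samples = {
        ("a" * 32, "1.0.0_0"): {"name": "Sample Notes", "permissions": ["storage"]},
        ("b" * 32, "2.3_0"): {"name": "Sample Search Helper",
                              "permissions": ["tabs", "webRequest", "<all_urls>"]},
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = Path(root) / "Extensions" / ext_id / version
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in list_extensions(build_sample_profile(tmp)):
            print(rec["id"], rec["version"], rec["name"], rec["broad_permissions"] or "ok")
```

On Windows the default profile is normally `%LOCALAPPDATA%\Google\Chrome\User Data\Default`. Extensions loaded unpacked from another folder are not stored under this directory, so the Extensions page in Chrome remains the complete view.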

Read more at Threatpost here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address

