Researchers at RedCanary (thanks, BleepingComputer) have noticed an uptick in ChromeLoader activity since the beginning of the year. This malware can completely take over your browser, manipulating search results in an effort to get you to click into a network of shady malicious sites and potentially steal your user data.
This nasty bit of malware is what is called a browser hijacker. It changes a user's browser settings to display search results and ads for bogus sites, surveys, and even adult games on both Windows PCs and macOS systems. Despite being called ChromeLoader, it does affect Apple Safari in addition to Google Chrome.
According to RedCanary's research, the way ChromeLoader infiltrates most systems is by way of a malicious ISO archive file disguised as a cracked executable for a computer game or commercial software and distributed through torrent sites. Additionally, QR codes inside of Twitter posts promoting cracked Android games have also been found to contain links to ChromeLoader distributing sites.
In most cases, after being infected with a browser hijacker the user is redirected to a series of bad sites that are usually part of an affiliate network. Each visit to these sites funnels revenue to the malware's creator. ChromeLoader does that and more.
RedCanary says that "ChromeLoader uses PowerShell to inject itself into the browser and add a malicious extension to it, a technique we don’t see very often (and one that often goes undetected by other security tools)." RedCanary goes on to outline a worst-case scenario for this kind of malware: "If applied to a higher-impact threat—such as a credential harvester or spyware—this PowerShell behavior could help malware gain
Read more on pcgamer.com