Google Chrome sends big warning to pirated content users

Users who watch pirated content such as movies, web series, TV shows, and video games online are in danger! HP Wolf Security has discovered a new malware campaign called ChromeLoader, which is infecting users with harmful Google Chrome extensions. The latest version, known as ChromeLoader Shampoo, spreads through websites that host pirated movies and video games.

How does this work? Hackers deceive Chrome users into downloading the fraudulent extension Shampoo, which promptly redirects the victim’s search queries to malicious websites. As a result, these criminals accumulate substantial profits by engaging in fraudulent advertising campaigns that appear as pop-ups on the screen.

HP Wolf Security experts say that getting rid of ChromeLoader Shampoo is not as straightforward as uninstalling an extension. This malware employs looping scripts and a scheduled task in Windows to reinstall the extension automatically whenever the victim attempts to remove it or restart their device. In order to disable ChromeLoader Shampoo malware, users should disable its mechanism via specific steps.

What should Chrome users do: Steps to get rid of ChromeLoader Shampoo

• The report suggests that you will need to disable the scheduled task prefixed with “chrome_”. Legitimate Chrome scheduled tasks typically begin with “Google” if you are a victim of ChromeLoader Shampoo malware.
• Following that, remove the registry key located at “HKCU:SoftwareMirage Utilities”.
• Now, temporarily disable the looping script by restarting the machine.
• These removal actions must be carried out promptly to prevent the looping script from reinstalling the malware.
• Also, check for fake OneNote documents. It is observed that “click here” icons are widely used to embed malicious software.
• The best practice to keep yourself safe from such threats is to avoid downloading content from untrusted or pirated websites.

How to identify if Shampoo or any such ChromeLoader is on your device? A simple method involves checking if Chrome is running with the “–load-extension” argument. ChromeLoader relies on this argument to load the extension into a Chrome session.