An HP Wolf Security report has highlighted how hackers are leveraging a ChromeLoader exploit and using code-signing certificates and malvertising techniques to distribute malware via fake companies and websites.
As part of what appears to be a large-scale cyberattack, cybercriminals are reportedly exploiting the ChromeLoader vulnerability (ChromeLoader is a malicious browser extension) by using valid code-signing certificates (the digital certificates to verify software authenticity and integrity), allowing them to bypass Windows security measures like AppLocker without triggering user warnings.
The report highlights how the attackers set up fake companies to obtain these valid certificates or steal them from legitimate sources. These fake companies then host websites that offer seemingly legitimate tools, such as PDF readers or converters, to lure in victims.
The campaign uses malvertising (malicious advertising) to direct potential victims to the well-designed but malware-ridden websites which often appear in search results for popular keywords like “PDF converters” and “manual readers.”
Once victims visit these infected sites, their browsers can be hijacked, allowing attackers to redirect search queries to malicious sites, increasing the scope of their attacks.
HP’s report suggests that the scripts used in this campaign were likely developed using generative AI tools, making it easier and faster for cybercriminals to launch such attacks.
The advice to avoid ChromeLoader attacks is to only download software from trusted sources, be cautious of online ads, keep security features enabled, use antivirus software, and regularly update your browser and system.