Connect with us

Technology

ChromeLoader Malware Campaign Punishes Pirating Users, HP Warns

HP

New report finds attackers hiding malware in OneNote documents, while threat actors use trusted domains to bypass Office macro controls

HP Inc. (NYSE: HPQ) issued its quarterly HP Wolf Security Threat Insights Report, showing threat actors are hijacking users’ Chrome browsers if they try to download popular movies or video games from pirating websites.

By isolating threats that have evaded detection tools on PCs, HP Wolf Security has specific1 insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches.

Based on data from millions of endpoints running HP Wolf Security2, the researchers found:

  • The Shampoo Chrome extension is hard to wash out: A campaign distributing the ChromeLoader malware tricks users into installing a malicious Chrome extension called Shampoo. It can redirect the victim’s search queries to malicious websites, or pages that will earn the criminal group money through ad campaigns. The malware is highly persistent, using Task Scheduler to re-launch itself every 50 minutes.
  • Attackers bypass macro policies by using trusted domains: While macros from untrusted sources are now disabled, HP saw attackers bypass these controls by compromising a trusted Office 365 account, setting up a new company email, and distributing a malicious excel file that infects victims with the Formbook infostealer.
  • Firms must beware of what lurks beneath: OneNote documents can act as digital scrapbooks, so any file can be attached within. Attackers are taking advantage of this to embed malicious files behind fake “click here” icons. Clicking the fake icon opens the hidden file, executing malware to give attackers access to the users’ machine – this access can then be sold on to other cybercriminal groups and ransomware gangs.

Sophisticated groups like Qakbot and IcedID first embedded malware into OneNote files in January. With OneNote kits now available on cybercrime marketplaces and requiring little technical skill to use, their malware campaigns look set to continue over the coming months.

“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites. Employees should be wary of suspicious internal documents and check with the sender before opening. Organizations should also configure email gateway and security tool policies to block OneNote files from unknown external sources,” explains Patrick Schläpfer, Malware Analyst at the HP Wolf Security threat research team, HP Inc.

From malicious archive files to HTML smuggling, the report also shows cybercrime groups continue to diversify attack methods to bypass email gateways, as threat actors move away from Office formats. Key findings include:

  • Archives were the most popular malware delivery type (42%) for the fourth quarter running when examining threats stopped by HP Wolf Security in Q1.
  • There was a 37-percentage-point rise in HTML smuggling threats in Q1 versus Q4.
  • There was a 4-point rise in PDF threats in Q1 versus Q4.
  • There was a 6-point drop in Excel malware (19% to 13%) in Q1 versus Q4, as the format has become more difficult to run macros in.
  • 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanner in Q1 2023.
  • The top threat vector in Q1 was email (80%) followed by browser downloads (13%).

“To protect against increasingly varied attacks, organizations must follow zero trust principles to isolate and contain risky activities such as opening email attachments, clicking on links, or browser downloads. This greatly reduces the attack surface along with the risk of a breach,” comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc.

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior.

About the data

This data was anonymously gathered within HP Wolf Security customer virtual machines from January-March 2023.

About HP

HP Inc. (NYSE: HPQ) is a global technology leader and creator of solutions that enable people to bring their ideas to life and connect to the things that matter most. Operating in more than 170 countries, HP delivers a wide range of innovative and sustainable devices, services and subscriptions for personal computing, printing, 3D printing, hybrid work, gaming, and more. For more information, please visit: http://www.hp.com.

About HP Wolf Security

HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://www.hp.com/uk-en/security/endpoint-security-solutions.html.

Source – HP
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Emirates Emirates
Travel1 year ago

Brewing Excellence’ – Emirates offers a world class range of coffee to connoisseurs

Celebrating International Coffee Day on 1 October, Emirates highlights the wide array of artisan coffee served in Emirates lounges and...

Emirates Emirates
Travel1 year ago

Emirates’ Premium Economy to extend to São

Premium Economy to be introduced on Emirates’ A380 service to São Paulo from 19 November, representing the first in Emirates’...

Metro Metro
Finance1 year ago

Metro Bank Women’s Team of The Year Announced

Best domestic XI selected by PCA MVP Rankings, powered by Argentex Georgia Adams captains the 2023 Metro Bank PCA Women’s...

Honda Honda
Auto1 year ago

Honda and Acura Electric Vehicles Will Have Access to Largest EV Charging Networks in North America Aided by New Agreements with EVgo and Electrify America

New agreements add single-app access to EVgo and Electrify America charging networks, plus roaming partners, through the HondaLink® and Acura...

Oracle Oracle
Technology1 year ago

Oracle Partners with TELMEX-Triara to Become the Only Hyperscaler with Two Cloud Regions in Mexico

Oracle opens new region in Monterrey in partnership with Teléfonos de México (TELMEX-Triara) and continues expanding its global cloud region...

Cosmic web Cosmic web
Education1 year ago

Cosmic Web Lights Up in the Darkness of Space

Like rivers feeding oceans, streams of gas nourish galaxies throughout the cosmos. But these streams, which make up a part...

HP HP
Technology1 year ago

75% of Companies Struggling with IT Operational Challenges in a Hybrid World

HP Inc. (NYSE: HPQ) announced the findings of a new commissioned study, conducted by Forrester Consulting, highlighting the need for...

Visa Visa
Finance1 year ago

Visa Program Combats Friendly Fraud Losses For Small Businesses Globally

Visa Inc. (NYSE:V), a world leader in digital payments, spotlighted the evolution of its dispute program, making it easier for...

Coca cola Coca cola
Food and Beverage1 year ago

New study measures the coca-cola system’s u.s. Economic contributions at $57.8 billion in 2022

In the United States, The Coca‑Cola Company and 64 independently owned bottlers, collectively the Coca‑Cola system, contributed $57.8 billion in...

ANZ ANZ
Finance1 year ago

Court approves ANZ and ASIC settlement relating to credit card cash advance fees being charged in some circumstances

Further to a release on 30 May 2022,[1] ANZ announced that the Federal Court of Australia has approved its agreement...

Translate »