QR codes on Twitter deliver malicious Chrome extension

  • 30 May 2022
  • Community Manager

ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don't contain what they promise.

QR codes on Twitter and malvertising
The loader for the malicious Chrome extension was initially analysed by @x3ph1, who dubbed it ChromeLoader.
To avoid confusion with legitimate Chrome components, we refer to it as the Choziosi loader.
The analysis of the loader is detailed, but x3ph1 does not describe the Chrome extension Choziosi.

Twitter user @th3_protoCOL found QR codes that circulate on Twitter and advertise pirated software to lure people into downloading an ISO.
Reddit users also complain about malicious ISO files on websites that provide Steam games.
This tweet by @StopMalvertisin says the ISOs are downloaded via malicious advertisements.

hxxps://www.gdatasoftware.com/fileadmin/web/general/images/blog/2022/01/chromeloader_twitter2.png
hxxps://www.gdatasoftware.com/fileadmin/_processed_/7/1/chromeloader_reddit_c4998c051d.png

