ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don't contain what they promise.
QR codes on Twitter and malvertising
The loader for the malicious Chrome extension was initially analysed by @x3ph1, who dubbed it ChromeLoader.
To avoid confusion with legitimate Chrome components, we refer to it here as Choziosi loader.
The analysis of the loader is detailed, but x3ph1 does not describe the Chrome extension Choziosi.
Twitter user @th3_protoCOL found QR codes that circulate on Twitter and advertise pirated software to lure people into downloading an ISO.
Reddit users also complain about malicious ISO files on websites that provide Steam games.
This tweet by @StopMalvertisin says the ISOs are downloaded via malicious advertisements.
hxxps://www.gdatasoftware.com/fileadmin/web/general/images/blog/2022/01/chromeloader_twitter2.png
hxxps://www.gdatasoftware.com/fileadmin/_processed_/7/1/chromeloader_reddit_c4998c051d.png
QR codes on Twitter deliver malicious Chrome extension
