Google Chrome users looking to download pirated software at risk of new malware infection


SINGAPORE - Internet users, especially those on Google's Chrome browser, should think twice before illegally downloading video games and other software.

Software researchers have warned about ChromeLoader, malware that masquerades as pirated digital files and allows hackers to steal data or install ransomware on infected computers.

"This malware has been observed to be distributed using malicious ISO and DMG files through advertisements, browser redirects and YouTube video comments," said the Singapore Computer Emergency Response Team (SingCert) of the Cyber Security Agency of Singapore, which sounded the alert on Wednesday.

An ISO file is a digital copy of content originally found on a DVD or CD. It is often used as a back-up of the disc's contents.

The file can be accessed with the right software on a device running the Windows operating system, as though the device were reading from a DVD or CD.

A DMG file is the ISO counterpart for Apple devices.

Most pirated versions of software or video games available online tend to be in the ISO or DMG format.

According to a report published on Monday by security firm VMware Carbon Black, cyber criminals typically distribute ChromeLoader via an ISO file impersonating pirated software on social media platforms, torrents and pirate websites. The malware might even be bundled with actual pirated software.

The malware activates once users download and run the "install" program in the ISO file.

VMware also noted instances of ChromeLoader imitating legitimate programs such as OpenSubtitles - which helps users find subtitles for popular movies and TV shows - and online music player FLB Music.

In such cases, the malware is triggered when users attempt to install the downloaded program.

VMware said the impact of malware infection varies.

Some ChromeLoader variants cause the device to download and install a Chrome extension, which modifies the browser's settings to show search results from unwanted advertising websites.

Others release programs that steal information from infected devices, install ransomware, or even crash systems by overloading them with data.

In its statement on Wednesday, SingCert advised Chrome users to:

  • Download games and software from legitimate websites.
  • Review all browser extensions installed. To check the tools installed, click the three dots in the top right corner of the browser window to access "More Tools" and then click on "Extensions".
  • Reset browser settings and implement additional clean-up methods to remove unwanted ads, pop-ups and malware.
  • Ensure that security software is up to date and performs regular scans to detect such malware.
  • Actively review developer information and extension permissions before installing a new extension to the Chrome browser.
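
The extension and permission review in the list above can also be done on disk. The following is an added example, not code from SingCert, VMware or this article: it reads each installed extension's `manifest.json` and flags broad permissions and search or homepage overrides. The extension IDs, names and URL in `build_sample` are constructed sample data, and the permission list is an assumed starting point rather than an official one.

```python
import json
import tempfile
from pathlib import Path

# Real manifest permission values that grant wide access to browsing data.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "tabs", "webRequest", "management", "proxy", "history", "cookies"}

def audit_extensions(ext_root):
    """Map extension id -> list of flags, reading <id>/<version>/manifest.json."""
    report = {}
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            report[ext_id] = ["unreadable manifest"]
            continue
        requested = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            requested.update(p for p in data.get(key, []) if isinstance(p, str))
        flags = sorted(requested & BROAD)
        # chrome_settings_overrides is how an extension changes the search
        # provider, homepage or startup pages.
        overrides = data.get("chrome_settings_overrides") or {}
        flags += [f"overrides {k}" for k in sorted(overrides)]
        report[ext_id] = flags
    return report

def build_sample(root):
    """Write two constructed manifests (ids, names and URL are made up)."""
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "name": "Sample Notes", "version": "1.0", "manifest_version": 3,
            "permissions": ["storage"]},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "name": "Sample Search Helper", "version": "2.1", "manifest_version": 3,
            "permissions": ["tabs", "webRequest"], "host_permissions": ["<all_urls>"],
            "chrome_settings_overrides": {"search_provider": {
                "name": "Example", "search_url": "https://search.example/?q={searchTerms}"}}},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, flags in audit_extensions(build_sample(tmp)).items():
            print(ext_id, "->", ", ".join(flags) or "nothing flagged")
```

To audit a real profile, pass Chrome's extensions folder to `audit_extensions`; by default this is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows and `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS. A flag is a prompt to look closer at the extension, not proof that it is malicious.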
