HP: Threat actors are hijacking users’ Chrome browsers when downloading from pirating sites


Pirating sites are choked full of files that people are clamoring to get their mitts on. From movies and music to photography and books, you can be sure to find what you want on pirating sites. But you might want to rethink that next download.

Estimated reading time: 2 minutes

While pirating sites might look appealing, they have more than just good files that can be downloaded. HP has issued its quarterly HP Wolf Security Threat Insights Report, showing threat actors are hijacking users’ Chrome browsers if they try to download popular movies or video games from pirating websites.

Mac Malware

Based on data from millions of endpoints running HP Wolf Security, the researchers found this about pirating sites:

  • The Shampoo Chrome extension is hard to wash out: A campaign distributing the ChromeLoader malware tricks users into installing a malicious Chrome extension called Shampoo. It can redirect the victim’s search queries to malicious websites or pages that will earn the criminal group money through ad campaigns. The malware is highly persistent, using the Task Scheduler to re-launch itself every 50 minutes.
  • Attackers bypass macro policies by using trusted domains: While macros from untrusted sources are now disabled, HP saw attackers bypass these controls by compromising a trusted Office 365 account, setting up a new company email, and distributing a malicious Excel file that infects victims with the Formbook infostealer.
  • Firms must beware of what lurks beneath: OneNote documents can act as digital scrapbooks so that any file can be attached within. Attackers are taking advantage of this to embed malicious files behind fake “click here” icons. Clicking the fake icon opens the hidden file, executing malware to give attackers access to the users’ machine – this access can then be sold on to other cybercriminal groups and ransomware gangs.

Sophisticated groups like Qakbot and IcedID first embedded malware into OneNote files in January. With OneNote kits now available on cybercrime marketplaces and requiring little technical skill to use, their malware campaigns look set to continue over the coming months.

“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites. Employees should be wary of suspicious internal documents and check with the sender before opening. Organizations should also configure email gateway and security tool policies to block OneNote files from unknown external sources,” explains Patrick Schläpfer, Malware Analyst at the HP Wolf Security threat research team, HP Inc.


The easiest solution for this is to stay off pirating sites.

What do you think? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network. And subscribe to our RUMBLE channel for more trailers and tech videos.


Infographic: Tracking the impact of your corporate learning tech

Six creative uses for Wi-Fi you may not have considered


Latest Articles

Share via
Copy link
Powered by Social Snap