{"id":46870,"date":"2022-05-27T15:49:24","date_gmt":"2022-05-27T15:49:24","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/chromeloader-malware-hijacks-browsers-iso-files"},"modified":"2022-05-27T15:49:24","modified_gmt":"2022-05-27T15:49:24","slug":"chromeloader-malware-hijacks-browsers-with-iso-files","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/","title":{"rendered":"ChromeLoader Malware Hijacks Browsers With ISO Files"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The browser-hijacking malware known as&nbsp;ChromeLoader is becoming increasingly widespread and growing in sophistication, according to two advisories released this week. It poses a big threat to business users.<\/p>\n<p>ChromeLoader is a sophisticated malware that&nbsp;uses PowerShell, an automation and configuration management framework, to inject itself into the browser and add a malicious extension.&nbsp;This kind of&nbsp;threat drastically increases the attack surface, as today\u2019s enterprises rely more on software-as-a-service (SaaS) apps amid flexible working environments and diverse endpoints.<\/p>\n<p>\u201cThe browser is the front door to the Internet, and therefore the user\u2019s first line of defense when they access SaaS applications,\u201d Ohad Bobrov, Talon Cyber Security&#8217;s CTO and co-founder, tells Dark Reading. \u201cAttackers have identified the browser as an opportunity to steal remote information from SaaS applications, as well as create malicious extensions they can easily manipulate.\u201d<\/p>\n<p>In this case, the malware is using malicious optimal disc image (ISO) files \u2014 often hidden in cracked or pirated versions of software or games \u2014 to take over the browser and redirect it to display bogus search results in a malvertising scheme.<\/p>\n<p>Both a MalwarebytesLabs <a href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/05\/chromeloader-targets-chrome-browser-users-with-malicious-iso-files\/\" target=\"_blank\" rel=\"noopener\">advisory<\/a><br \/>\nand a Red Canary <a href=\"https:\/\/redcanary.com\/blog\/chromeloader\/\" target=\"_blank\" rel=\"noopener\">warning<\/a> point out that ChromeLoader\u2019s abuse of PowerShell, combined with the use of ISO files, make ChromeLoader particularly aggressive. <\/p>\n<p>\u201cPowerShell, like any other advanced shell, can be used as an administration tool to automate tasks,\u201d explains Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber-risk remediation. \u201cAdmins use benign shell scripts for myriad tasks because they can be versatile and easily accessible on almost every platform.\u201d<\/p>\n<p>He points out that the use of an ISO file to carry the script, which then drops a malicious extension, is not a <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/bumblebee-malware-cyberattack-fray\" target=\"_blank\" rel=\"noopener\">new technique<\/a>, but it remains effective because ISOs are still commonly used in business settings. While this campaign is relying on a ruse of pirated software, ISOs are also important in network and system management and are used for installing packages on servers and containers. Linux is installed via ISO, as are some Windows upgrades.<\/p>\n<h2 class=\"regular-text\">Infecting the Browser Helps Bypass Security Measures<\/h2>\n<p>Parkin adds that with so many applications being now browser-based, it\u2019s a logical place for cybercriminal to put their malicious code.<\/p>\n<p>In addition, the browser is an application that is not monitored by most security programs, and extensions are usually not scanned by most endpoint protection solutions to determine whether they are malicious.<\/p>\n<p>\u201cBy infecting the browser, the attacker gets around a number of security measures, such as traffic encryption, that would otherwise impede their attack,\u201d Parkin says. \u201cIt\u2019s like adding a malicious hard drive to your system.\u201d <\/p>\n<p>Having access to a browser provides attackers access to victim data and could, in some cases, provide the opportunity to perform actions on the compromised person&#8217;s behalf.&nbsp;With such easy access and high-value information inside browsers, malware operators can achieve big results for minimal effort. <\/p>\n<p>To boot,&nbsp;ChromeLoader&#8217;s capabilities do not end with installing malicious extensions \u2014 it could carry out more advanced attacks as well.<\/p>\n<p>\u201cMost security tools don&#8217;t detect it,\u201d says Talon&#8217;s Bobrov. \u201cThe fact that ChromeLoader abuses PowerShell makes it incredibly dangerous, since this can allow for more advanced attacks, such as ransomware, fileless malware, and malicious code memory injections.\u201d<\/p>\n<p>He adds that ISO files can hold a lot of data, so there&#8217;s plenty of room for&nbsp;malware to hide. In addition,&nbsp;these files are confusing for end users and have some automatic actions that the operating system might perform.<\/p>\n<h2 class=\"regular-text\">Cyber Hygiene, User Education Needed to Stop Malicious ISO Files<\/h2>\n<p>Bobrov says that to prevent exposure to malicious ISO files, the first step is related to basic cyber hygiene: You need to understand and trust the data you download and where you download it from. <\/p>\n<p>\u201cDo not launch ISO files that are not from trusted sources, and never run files inside ISO without verifying their safety,\u201d he advises. \u201cWhen browsing the Internet, make sure you have security controls in place to help monitor the websites you browse and help protect you from malicious content.\u201d<\/p>\n<p>From Parkin\u2019s perspective, user education is a good first step to prevent exposure to malicious ISO files, which includes teaching users to be wary of downloading suspect files. (Any cracked software falls into this bucket.)<\/p>\n<p>\u201cBeyond user education, admins can deploy tools and enforce policies that restrict mounting ISO files, though that may be a challenge in [bring-your-own-device] BYOD environments,\u201d he says.<\/p>\n<p>A step beyond that is using remote desktop environments such as VNC, Citrix, or Windows Remote Desktop, which can shift policy enforcement back into the IT admin\u2019s hands.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/chromeloader-malware-hijacks-browsers-iso-files\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The malware\u2019s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/chromeloader-malware-hijacks-browsers-iso-files\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-46870","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-27T15:49:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"ChromeLoader Malware Hijacks Browsers With ISO Files\",\"datePublished\":\"2022-05-27T15:49:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/\"},\"wordCount\":786,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7e9fcd7cc1790e53\\\/6290e7456336584a7a974b56\\\/Chrome-imageBROKER-alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/\",\"name\":\"ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7e9fcd7cc1790e53\\\/6290e7456336584a7a974b56\\\/Chrome-imageBROKER-alamy.jpg\",\"datePublished\":\"2022-05-27T15:49:24+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7e9fcd7cc1790e53\\\/6290e7456336584a7a974b56\\\/Chrome-imageBROKER-alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt7e9fcd7cc1790e53\\\/6290e7456336584a7a974b56\\\/Chrome-imageBROKER-alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chromeloader-malware-hijacks-browsers-with-iso-files\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ChromeLoader Malware Hijacks Browsers With ISO Files\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/","og_locale":"en_US","og_type":"article","og_title":"ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-27T15:49:24+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"ChromeLoader Malware Hijacks Browsers With ISO Files","datePublished":"2022-05-27T15:49:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/"},"wordCount":786,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/","url":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/","name":"ChromeLoader Malware Hijacks Browsers With ISO Files 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg","datePublished":"2022-05-27T15:49:24+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt7e9fcd7cc1790e53\/6290e7456336584a7a974b56\/Chrome-imageBROKER-alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chromeloader-malware-hijacks-browsers-with-iso-files\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"ChromeLoader Malware Hijacks Browsers With ISO Files"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46870"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46870\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}