ChromeLoader was initially observed targeting Windows users in January 2022 – a macOS variant was spotted in March – when it was being dropped as an ISO file and could leak users’ browser credentials, collect data on their online activities, and display ads by hijacking browser searches.

The threat is being distributed as pirated or cracked versions of applications or games, typically on social media platforms, pirating sites, torrents, and bundled with legitimate games and software.