- Apr 9, 2020
ISO file downloads are advertised via QR codes on Twitter and on supposedly free gaming sites, but they don't contain what they promise.
The loader for the malicious Chrome extension was initially analysed by @x3ph1, who dubbed it ChromeLoader. To avoid misunderstandings with legitimate Chrome components, we hereby refer to it as Choziosi loader. The analysis of the loader is detailed, but x3ph1 does not describe the Chrome extension Choziosi, which got me intrigued.
Twitter user @th3_protoCOL found QR codes that circulate on Twitter and advertise pirated software to lure people into downloading an ISO. Reddit users also complain about malicious ISO files on websites that provide Steam games. This tweet by @StopMalvertisin says the ISOs are downloaded via malicious advertisements.
QR codes on Twitter deliver malicious Chrome extension
www.gdatasoftware.com