Your Chrome Browser May Be Infected if You Visit Free Streaming Sites





Streaming service remote

Do you skirt the line between streaming subscriber and piracy? If so, beware – your Chrome browser may be infected. HP Wolf Security issued a warning to anyone who uses Chrome to search for free films and series that a new threat is lurking within these freebies.

Scammers have unleashed a fake extension called Shampoo that directs users to fake websites as they search the internet. Instead of being directed to a legit, safe site, the software redirects users to malicious websites which then unleashes a wave of relentless pop-up advertisement campaigns. The malware is a tricky one, as it can relaunch itself every 50 minutes.

Some pirating pages offer more than the chance to watch new movies and series for free. They can offer up box sets, too, or anything else that might entice users to click. One simple click is all the Shampoo extension needs to infect your Chrome browser and your computer.

HP Wolf Security also issued a warning to keep an eye out for fake OneNote documents, which will have fake ‘click here’ icons that really just grant cyber attackers access to your files. HP Wolf warns anyone using these softwares will be vulnerable to “cybercriminal groups and ransomware gangs.”

HP Wolf Security’s Patrick Schläpfer provides some advice to protect yourself from malware:

“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites. Employees should be wary of suspicious internal documents and check with the sender before opening. Organizations should also configure email gateway and security tool policies to block OneNote files from unknown external sources.”

Getting rid of the Shampoo software isn’t easy. It is designed to hide and reload itself after a user thinks they’ve successfully deleted it.

HP Wolf Security offers some advice on how to find these files:

  • Remove any schedules tasks prefixed with “chrome_”
  • Legitimate Chrome scheduled tasks are normally prefixed with “Google”
  • Delete the registry key “HKCU\Software\Mirage Utilities\”
  • Then reboot the computer

Signs your computer is infected include:

  • Pop-up ads and new tabs that won’t go away
  • Your Chrome homepage or search engine keeps changing without your permission
  • Unwanted Chrome extensions or toolbars keep coming back
  • Your browsing is hijacked and redirects to unfamiliar pages or ads
  • Alerts about a virus or an infected device

Disclaimer: To address the growing use of ad blockers we now use affiliate links to sites like, streaming services, and others. Affiliate links help sites like Cord Cutters News, stay open. Affiliate links cost you nothing but help me support my family. We do not allow paid reviews on this site. As an Amazon Associate I earn from qualifying purchases.

Subscribe to Our Newsletter

* indicates required

Please select all the ways you would like to hear from :

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp’s privacy practices here.