Do you skirt the line between streaming subscriber and piracy? If so, beware – your Chrome browser may be infected. HP Wolf Security issued a warning to anyone who uses Chrome to search for free films and series that a new threat is lurking within these freebies.
Scammers have unleashed a fake extension called Shampoo that directs users to fake websites as they search the internet. Instead of being directed to a legit, safe site, the software redirects users to malicious websites which then unleashes a wave of relentless pop-up advertisement campaigns. The malware is a tricky one, as it can relaunch itself every 50 minutes.
Some pirating pages offer more than the chance to watch new movies and series for free. They can offer up box sets, too, or anything else that might entice users to click. One simple click is all the Shampoo extension needs to infect your Chrome browser and your computer.
HP Wolf Security also issued a warning to keep an eye out for fake OneNote documents, which will have fake ‘click here’ icons that really just grant cyber attackers access to your files. HP Wolf warns anyone using these softwares will be vulnerable to “cybercriminal groups and ransomware gangs.”
HP Wolf Security’s Patrick Schläpfer provides some advice to protect yourself from malware:
“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites. Employees should be wary of suspicious internal documents and check with the sender before opening. Organizations should also configure email gateway and security tool policies to block OneNote files from unknown external sources.”
Getting rid of the Shampoo software isn’t easy. It is designed to hide and reload itself after a user thinks they’ve successfully deleted it.
HP Wolf Security offers some advice on how to find these files:
- Remove any schedules tasks prefixed with “chrome_”
- Legitimate Chrome scheduled tasks are normally prefixed with “Google”
- Delete the registry key “HKCU\Software\Mirage Utilities\”
- Then reboot the computer
Signs your computer is infected include:
- Pop-up ads and new tabs that won’t go away
- Your Chrome homepage or search engine keeps changing without your permission
- Unwanted Chrome extensions or toolbars keep coming back
- Your browsing is hijacked and redirects to unfamiliar pages or ads
- Alerts about a virus or an infected device