#choziosiloader — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #choziosiloader, aggregated by home.social.
Day 1️⃣0️⃣ of #100DaysOfYara: MacOS Browser Hijacker Scripts🍎
🔗 https://github.com/colincowie/100DaysOfYara_2023/blob/main/January/010/010.md
Background on these MacOS malware scripts used by #ChromeLoader aka #ChoziosiLoader:
📖 https://redcanary.com/blog/chromeloader/
📖 https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
📖 https://www.th3protocol.com/2022/Choziosi-Loader
Today's rule did a nice job of detecting the historical ChromeLoader scripts. A more generic YARA rule for identifying .command script abuse would potentially be pretty interesting!