ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

A newly identified trojan called ChrimeraWire is being used to manipulate search engine rankings by simulating real user activity through Google Chrome. The malware was detailed today by researchers at Doctor Web, who discovered it while analysing affiliate-linked malware distribution campaigns.

ChrimeraWire, instead of stealing passwords or encrypting files, is focused on boosting the visibility of specific websites in Google and Bing search results. It does this by automating searches, loading target sites, and performing clicks all through a hidden instance of the Chrome browser that it downloads and runs in debug mode.

The malware doesn’t arrive directly. It’s dropped in the final stage of a layered infection process. Doctor Web describes two separate chains that lead to its installation, both involving downloader trojans, privilege escalation, and system persistence tricks.

In the first chain, the infection begins with a downloader that checks for virtual environments. If the system ...