Microsoft has warned about a persistent malware campaign that affects all the major web browsers, including Google Chrome, Firefox and even its own Edge. The malware is built to inject fraudulent ads into search results and to siphon off users’ personal information.
According to the notice published by Microsoft, this malware, called Adrozek, has been in circulation since May this year and was found on more than 30,000 devices per day at the peak of its spread this summer.
According to the map shared by Microsoft, Europe and Asia were severely affected by Adrozek over May to September this year.
“In total, from May to September 2020, we recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,” Microsoft said.
Adrozek is capable of modifying Chrome, Firefox and Edge – the three browsers that together account for 70% of the browser market share – so the bulk of devices worldwide are potential targets.
Microsoft explained that Adrozek is distributed via at least 159 malicious domains, each hosting an average of 17,300 distinct URLs. Together these domains serve hundreds of thousands of unique malware samples, which helps the campaign bypass the security tools that usually filter such threats.
Comparison of search results pages on an unaffected machine and on one with Adrozek running. (Microsoft)
“If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines,” explained Microsoft.
“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliate pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages,” Microsoft added.
Generating “illegitimate affiliate revenue” by distributing malware is obviously illegal, but on its own the threat it poses to users is limited. However, Adrozek strains specific to Mozilla Firefox are also coded to lift users’ credentials stored on the device, which opens the door to account takeover and identity theft. Infections of that kind are high-priority, urgent threats and need to be addressed immediately.
How to stop the Adrozek malware?
To protect against Adrozek and similar browser modifiers, Microsoft recommends that users avoid downloading files from untrustworthy sources and use antivirus software.
Anyone who suspects they have already been affected by Adrozek should uninstall and then reinstall the web browsers they use.
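Because Microsoft describes Adrozek as modifying a specific DLL inside each target browser, one practical check before reinstalling is to verify the Authenticode signatures of the DLLs in the browser install folders: a file altered after signing fails validation. The script below is an added example written for this article, not code from Microsoft or the browser vendors; it assumes the default Windows install paths listed in it.

```powershell
# Added example (not from the article or Microsoft): flag browser DLLs whose
# Authenticode signature no longer verifies. The install paths are the usual
# Windows defaults and are an assumption; adjust them for non-standard setups.
$browserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:ProgramFiles\Mozilla Firefox",
    "${env:ProgramFiles(x86)}\Mozilla Firefox",
    "$env:ProgramFiles\Microsoft\Edge\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application"
)

$findings = foreach ($dir in $browserDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # 'Valid'        : file is unchanged since it was signed.
            # 'HashMismatch' : signed bytes were altered after signing, the
            #                  strongest indicator of in-place DLL tampering.
            # 'NotSigned'    : worth a look, but some bundled components
            #                  legitimately ship without a signature.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path          = $_.FullName
                    Status        = $sig.Status
                    Signer        = $sig.SignerCertificate.Subject
                    LastWriteTime = $_.LastWriteTime
                }
            }
        }
}

if ($findings) {
    # HashMismatch entries sort ahead of NotSigned, so the serious ones come first.
    $findings | Sort-Object Status | Format-Table -AutoSize
} else {
    Write-Output "All browser DLLs under the checked paths carry valid signatures."
}
```

A HashMismatch on a browser DLL with a recent LastWriteTime is the result that warrants the uninstall-and-reinstall step above, plus a full antivirus scan of the machine.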