Microsoft has warned users of a new malware called Adrozek, which hijacks browsers, steals credentials and can infect over 30,000 PCs a day. The malware can take over Microsoft Edge, Google Chrome, Yandex Browser and Mozilla Firefox, injecting adverts into search engine result pages.
Adrozek functions by using malicious scripts that are downloaded from the servers run by the malware’s operators to inject adverts once it has altered the web browser’s settings. Microsoft has advised users to re-install their browsers if they have been infected.
The Microsoft 365 Defender Research team said that “If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines.”
Microsoft also said that “The Adrozek attackers, however, operate the way other browser modifiers do, which is to earn through affiliate ad programs, which pay for referral traffic to certain websites.”
“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages.
“The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages.”
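The symptoms Microsoft describes above (a modified DLL per target browser plus added extensions) can be triaged on a single Windows machine. The script below is an added example, not code from the article or from Microsoft; the install and profile paths are assumptions for a default per-machine install of each named browser, and the check is read-only.

```powershell
# Added example (not from the article): read-only triage for the two Adrozek
# symptoms the article names, run against the four browsers it lists.
# Paths are assumptions for a default install; adjust for portable or per-user installs.
$Browsers = @(
  @{ Name = 'Microsoft Edge';  Install = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application"
     Extensions = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Extensions\*" },
  @{ Name = 'Google Chrome';   Install = "$env:ProgramFiles\Google\Chrome\Application"
     Extensions = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\*" },
  @{ Name = 'Yandex Browser';  Install = "$env:LOCALAPPDATA\Yandex\YandexBrowser\Application"
     Extensions = "$env:LOCALAPPDATA\Yandex\YandexBrowser\User Data\Default\Extensions\*" },
  @{ Name = 'Mozilla Firefox'; Install = "$env:ProgramFiles\Mozilla Firefox"
     Extensions = "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions\*" }
)

function Test-BrowserIntegrity {
  param([hashtable]$Browser)
  if (-not (Test-Path -Path $Browser.Install)) { return }

  # 1. Vendor-shipped DLLs carry a valid Authenticode signature. A DLL that was
  #    replaced or patched in place reports NotSigned or HashMismatch instead.
  Get-ChildItem -Path $Browser.Install -Recurse -Filter '*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
      $sig = Get-AuthenticodeSignature -FilePath $_.FullName
      if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Browser = $Browser.Name; Finding = 'DLL signature'
                           Status  = $sig.Status;   Path    = $_.FullName }
      }
    }

  # 2. List the extensions present in the default profile so that anything the
  #    user did not install can be reviewed and removed.
  Get-ChildItem -Path $Browser.Extensions -ErrorAction SilentlyContinue |
    ForEach-Object {
      [pscustomobject]@{ Browser = $Browser.Name; Finding = 'Extension'
                         Status  = 'Review';       Path    = $_.FullName }
    }
}

# Collect findings for every installed browser into one table.
$Findings = $Browsers | ForEach-Object { Test-BrowserIntegrity -Browser $_ }
$Findings | Format-Table -AutoSize
```

A non-Valid signature status is a lead, not proof: compare the flagged DLL's hash against a clean install of the same browser version before acting, and treat a DLL that a browser would not normally ship as the stronger signal.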
Over One Hundred Thousand Infected Computers
So far, this threat has used 159 domains to host over 17,000 unique URLs, which have delivered over 15,000 polymorphic malware samples to infected computers, resulting in hundreds of thousands of samples being added to infected computers between May and September this year. New host domains are still appearing as the infrastructure is expanded to push new malware onto PCs.
“The distribution infrastructure is also very dynamic. Some of the domains were up for just one day, while others were active for longer, up to 120 days,” Microsoft said.
“Interestingly, we saw some of the domains distributing clean files like Process Explorer, likely an attempt by the attackers to improve the reputation of their domains and URLs, and evade network-based protections.”
Prevention is Better Than Cure
The best thing users can do to avoid this is to ensure that they have a reliable antivirus installed. If you don’t have one and want a free option, you can use Malwarebytes to scan your PC for malware. While Malwarebytes is not an antivirus, it is useful for the detection and removal of malware.