Published 16:31 IST, December 12th 2020
Google Chrome, Firefox, Edge affected by Adrozek malware campaign: Microsoft
Microsoft warned about a persistent malware campaign that is actively affecting all the major web browsers, including Google Chrome, Firefox and Edge.
Microsoft on December 10 warned about a persistent malware campaign that is actively affecting all the major web browsers, including Google Chrome, Firefox and Edge. In its blog post, Microsoft said the malware campaign is built to inject fraudulent ads into search results and siphon off users’ personal information. The malware is called ‘Adrozek’ and it has been in circulation since May this year. At its peak this summer, it was found on more than 30,000 devices per day.
Sharing a picture of a map, Microsoft said that Europe and Asia were severely affected by the malware from May to September. The company said that, in total, officials recorded hundreds and thousands of encounters of the Adrozek malware across the globe, with a heavy concentration in Europe and in South Asia and Southeast Asia. According to the blog post, the malware is capable of modifying web browsers like Chrome, Mozilla and Edge, the three browsers that account for 70 per cent of the browser market share.
Microsoft explained that Adrozek is distributed via 159 malicious domains or more, and each of these domains hosts 17,300 distinct URLs on average. Further, the company said that all these domains house hundreds and thousands of unique malware samples and can bypass security tools that usually filter such threats. Microsoft said that if the malware is not detected and blocked, it adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines.
The company added, “The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliate pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages”.
High-priority and urgent threats
Although generating “illegitimate affiliate revenue” by distributing the malware is obviously illegal, it is limited in how threatening it is for users. According to the blog, however, there are Adrozek strains specific to Mozilla Firefox that are coded to lift users’ credentials stored on the device. This opens up the possibility of account takeover and identity theft, the firm said. In such cases, Microsoft said that these are high-priority and urgent threats and need to be addressed immediately.
Microsoft also explained how to stop the malware. To shield themselves against Adrozek and similar browser modifiers, the firm suggests that users avoid downloading files from disreputable sources and use antivirus services for protection. Microsoft added that anyone who thinks they have already been affected by the malware should uninstall and then reinstall the web browsers they use.
Updated 16:31 IST, December 12th 2020