Home Tech Microsoft Warns of Malware “Adrozek” Targeting Internet Browsers

Microsoft Warns of Malware “Adrozek” Targeting Internet Browsers

by Jay
Adrozek Malware

Top company Microsoft has alerted users of a persistent attack by a malware which has gone on an attacking campaign targeting internet browsers such as Chrome, Firefox and even Edge.

Adrozek Malware

Photo credit: verdemblog

Microsoft was quick to alert users by publishing a notice where it revealed that these attacks by the malware has been around since May. The malware spreads to devices in an alarming rate of more than 30,000 devices per day. The threat by this malware negatively affects multiple browsers which include, Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox.

JavaScript and JSON files added to the target extension’s file path: Credit Microsoft

The malware is obviously gaining ground as it seeks to reach as many Internet users as possible. Revealed as Adrozek malware, this malware cuts across 159 malicious domains (www.) with each hosting more than 17,000 URLs. Inside these domains are series of malicious malware that bypass security and seek to establish authority over devices via internet browsers.

Microsoft explained how the malware works by saying,

“If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines,” 

“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliate pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages.”

How The Malware Adrozek Installs and Works

The brain behind this malware use sprawling infrastructure to distribute hundreds of thousands of unique Adrozek installer samples. Each of these files is heavily obfuscated and uses a unique file name that follows this format: setup_<application name>_<numbers>.exe. When this is run, the installer executes an .exe file with a random file name in the %temp% folder. The malware uses various names like Audiolava.exe, QuickAudio.exe, and converter.exe. The malware is installed like a usual program that can be accessed through Settings>Apps & features, and registered as a service with the same name.

Adrozek attack chain

Adrozek attack chain: Credit Microsoft

To avoid the malware Adrozek from getting to your device, it is advisable to avoid downloads from controversial disreputable sources and of course use a strong Antivirus program. If your computer is already affected, reinstall the browsers once again.

You may also like

Leave a Comment

error: Content is protected !!