Microsoft Warns Of Sinister Adrozek Malware Injecting Into Your Favorite Web Browsers
Simply put, malware and adware suck, especially when they try to be sneaky. Thankfully, Microsoft is on the prowl for malicious software trying to worm its way onto people’s systems. Microsoft has discovered a “persistent malware campaign” that has been active since at least May of this year and peaked in August with over 30,000 devices infected. The malware, dubbed “Adrozek,” adds browser extensions, modifies DLL files, and inserts ads into web pages and search results. Perhaps it is time to run a malware scan, eh?
The Adrozek family of browser-modifying malware is quite the little bugger as far as malware goes. It affects multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox, “exposing the attackers’ intent to reach as many Internet users as possible.” Moreover, the attackers have effectively shotgun-blasted the malware across the internet: Microsoft is tracking “159 unique domains, each hosting an average of 17,300 unique URLs, which in turn host more than 15,300 unique, polymorphic malware samples on average.”
Ultimately, this infrastructure of 159 domains “distribute[d] hundreds of thousands of unique malware samples” through “drive-by downloads.” That means all a user had to do was visit a site hosting the malware, and it would be downloaded in the background. Another critical part of this malware is that it is polymorphic: each sample is slightly varied so that it can evade a variety of malware blockers. Even though those tweaks make every sample look different, the malware generally follows the same steps once on a device. Microsoft has laid out the attack chain in the image below to explain what happens.
Once installed, the malware can grab other malicious scripts, inject data or ads, steal credentials, and more. For example, it tampers with a dynamic link library (DLL) file belonging to Microsoft Edge, turning off security controls in the browser. Browsers typically have a failsafe that kicks in when security settings are tampered with, but Adrozek patches this too, so the failsafe stops working. Once Adrozek is comfortably running alongside a browser, it can also tamper with system settings to remain on the device. At that point, basically any of your data is exposed to Adrozek should it decide to go after it. Adrozek will also begin injecting ads into your search results, as Microsoft shows with an Xbox search.
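As an added defender-side check (not part of the article or of Microsoft’s report), the PowerShell snippet below looks for the two artifacts the article describes: browser DLLs whose vendor signature no longer validates, and browser extensions with a recent modification time. The install and profile paths are assumed defaults for the named browsers and may need adjusting on your machine.

```powershell
# Added example, not from the article or Microsoft's report.
# Assumed default install directories; edit $BrowserDirs if your browsers live elsewhere.
$BrowserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    "$env:ProgramFiles\Mozilla Firefox"
)

# 1. A browser DLL that has been modified on disk no longer carries a valid vendor
#    signature, so any DLL whose Authenticode status is not 'Valid' is a lead
#    (a lead, not a verdict: confirm against a known-good install before acting).
$suspectDlls = foreach ($dir in $BrowserDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Filter *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                }
            }
        }
}

# 2. List installed extensions per default profile (assumed paths) with their
#    last-write time, so an extension that appeared without the user installing
#    it stands out; Chromium-based browsers name extension folders by their ID.
$ExtensionDirs = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Extensions",
    "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions"
)
$extensions = foreach ($dir in $ExtensionDirs) {
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime
}

"== Browser DLLs with a non-valid signature =="
$suspectDlls | Format-Table -AutoSize
"== Installed extensions, newest first =="
$extensions | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Run it from a normal user session; Get-AuthenticodeSignature reads the file's embedded signature, so it does not need administrator rights for the browser install directories.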
While adware is not typically the worst thing in the world, this campaign shows that attackers are trying to establish footholds on many devices. Users need to pay attention to what sites they visit and run regular malware scans so they remain safe. If you do find Adrozek on your system, Microsoft recommends reinstalling your browser. Perhaps you should change your passwords, too; a good digital security check never hurts.