Microsoft has warned of a “persistent malware campaign” created to inject fraudulent advertisements into search results and steal personal information from victims.
According to a release published by the firm, the malware has been in circulation since at least May and could be found on more than 30,000 devices per day at its peak in the summer.
The malware, known as Adrozek, is capable of modifying several popular browsers, including Edge, Chrome, and Firefox (which together account for around 70% of the browser market share).
Adrozek malware campaign
As Microsoft explains, the malware is distributed across 159 malicious domains (and potentially more), each hosting 17,300 different URLs on average. Between them, these domains are said to host hundreds of thousands of unique malware samples, which lets the malware bypass security tools that filter out known threats.
“If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional unauthorized ads on web pages, often in addition to legitimate search engine ads,” Microsoft explained.
“The desired effect is that users, searching for certain keywords, inadvertently click on these malware-embedded ads, leading to affiliate pages. Attackers win through affiliate advertising programs, which pay for the amount of traffic referred to the sponsored affiliate pages.”
While generating illegitimate affiliate income through malware distribution is, of course, illegal, this part of the campaign poses a limited threat to its victims.
However, Mozilla Firefox-specific Adrozek strains are also hard-coded to lift user credentials stored on the device, opening the door to a potential account takeover and identity theft. In this sense, says Microsoft, the campaign shows that “there are no low-priority or non-urgent threats.”
To protect against Adrozek and other browser modifiers like this one, Microsoft advises users to avoid downloading files from disreputable sources and to rely on an antivirus service for additional protection.
Anyone who suspects that they have already suffered from an infection should reinstall the affected browsers.