A gang of criminals is infecting Chrome, Firefox, Edge and other browsers with malware that hijacks search results with ads and sometimes even steals user passwords and other login credentials, Microsoft said yesterday (December 10) in a blog post.
The malware strain, which Microsoft calls Adrozek, infects Windows machines through “unauthorized downloads” that attempt to bypass browser defenses as soon as a browser loads one of more than 2 million malicious web pages.
The malware, constantly changing its code to avoid traditional antivirus detection, installs itself as what appears to be a normal audio program.
“At its peak in August, the threat was seen on more than 30,000 devices every day,” Microsoft said, adding that the malware campaign is still running. “End users who encounter this threat on their devices are advised to reinstall their browsers.”
Adrozek specifically targets Mozilla Firefox, Google Chrome, the new Microsoft Edge browser, and the Yandex browser, widely used in Russian-speaking countries. But since the last three are based on the open source Chromium browser, other browsers like Brave, Opera and Vivaldi should also be considered vulnerable.
You will be able to tell that you are infected if you get a lot of strange-looking web links in your search results, like in the images below. The links are not necessarily malicious, but the criminals behind Adrozek get a few pennies every time someone clicks on one of them.
How to get rid of and avoid Adrozek malware
Normally, you can get rid of the browser hijacker adware if you can reset Chrome or reset Firefox.
But Adrozek goes deep into browsers, altering or mimicking legitimate extensions, disabling security protections, disabling automatic updates, altering Registry entries, and even creating a separate Windows service so it can run independently, so getting rid of it takes considerably more effort.
You will have to remove Firefox and all Chromium-based browsers completely (make sure to save your bookmarks first), run a malware scan with your choice of the best antivirus software, restart the PC, run the malware scan again, and then reinstall your browsers and import your saved bookmarks.
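The persistence behaviours described above (a stand-alone Windows service and disabled browser auto-updates) are the kind of thing a quick triage script can surface before the reinstall. The PowerShell below is an added example written for this article, not code from Microsoft's post or from any Adrozek sample: it flags services whose binary runs from a user-writable folder and reads the documented update-policy registry values for Chrome, Edge and Firefox. The folder heuristic and the choice of policy keys are this example's own assumptions; the article gives no Adrozek-specific file paths, service names or registry keys, so a hit here is a lead to investigate, not proof of infection.

```powershell
# Added triage example (not from the article or Microsoft's post).
# Surfaces two of the persistence behaviours the article describes:
#  1. services whose executable lives in a user-writable location
#  2. policy registry values that switch off browser auto-updates
function Get-SuspiciousBrowserPersistence {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. Services started from AppData, ProgramData, Temp or Users\Public.
    #    Assumption: legitimate services normally live under Program Files or System32,
    #    so anything here deserves a look (some vendors do use ProgramData legitimately).
    $userWritable = '(?i)\\(AppData|ProgramData|Temp|Users\\Public)\\'
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        if ($_.PathName -and $_.PathName -match $userWritable) {
            $findings += [pscustomobject]@{
                Kind   = 'Service'
                Name   = $_.Name
                Detail = $_.PathName
                State  = $_.State
            }
        }
    }

    # 2. Documented update-policy values. Assumption: a home machine has none of these set;
    #    an enterprise may set them on purpose, so again treat a hit as a lead.
    #    UpdateDefault = 0 means "updates disabled" for Google Update and Edge Update;
    #    DisableAppUpdate = 1 disables Firefox application updates.
    $updatePolicies = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Google\Update';        Name = 'UpdateDefault';    Bad = 0 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'; Name = 'UpdateDefault';    Bad = 0 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox';      Name = 'DisableAppUpdate'; Bad = 1 }
    )
    foreach ($p in $updatePolicies) {
        $value = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        if ($null -ne $value -and $value -eq $p.Bad) {
            $findings += [pscustomobject]@{
                Kind   = 'UpdatePolicy'
                Name   = "$($p.Path)\$($p.Name)"
                Detail = "value $value disables automatic updates"
                State  = 'Set'
            }
        }
    }

    return $findings
}

# Run from an elevated prompt so every service's PathName is readable.
Get-SuspiciousBrowserPersistence | Format-Table -AutoSize
```

An empty table does not clear the machine; it only means these two indicators are absent, so the full removal steps above still apply if search results are being tampered with.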
To avoid Adrozek infection, keep your browsers up to date at all times and, well, use one of the best antivirus programs.
Such drastic removal actions might not be fully justified if Adrozek simply added unreliable search results. Perfectly legal, if ethically dubious, “PUAs” (potentially unwanted applications) do this all the time.
But because Adrozek actively steals saved Firefox passwords and disables automatic updates and security settings in all browsers, it qualifies as genuine malware and should be removed as soon as possible.
“While the main purpose of malware is to inject ads and forward traffic to certain websites, the attack chain involves sophisticated behavior that allows attackers to have a strong presence on a device,” says the Microsoft blog post. “The addition of credential theft behavior shows that attackers can expand their targets to take advantage of the access they can gain.”