Microsoft representatives confirmed: Adrozek massively attacked popular browsers

Microsoft representatives confirmed that they had identified a new malware family called Adrozek that has been persistently attacking popular browsers:

  • Google Chrome
  • Firefox
  • Microsoft Edge
  • Yandex

What does Adrozek do?

  • Inserts banner ads:
    • Into search results
    • Into any web page
  • Steals personal data

According to Microsoft's report, Adrozek has been in use since at least May 2020, and it peaked in August, when it attacked more than 30,000 browsers.

From May to September, this malware hit hardest in:

  • Europe
  • Asia

Distribution infrastructure

Attackers install this malware on the device by automatic (drive-by) download. Experts monitored Adrozek's activities from May to September 2020 and found that the botnet created by the cybercriminals consisted of 159 unique domains.

Many of these domains hosted tens of thousands of URLs, some more than 100,000 unique URLs, and one almost 250,000 URLs.

The most interesting fact about this malware is that many of the domains also distributed clean files, such as Process Explorer. Possibly the attackers were trying in this way to build trust in their domains and URLs.

Manipulations with infected browsers

In addition, Adrozek tampered with several browser components:

  • Extensions: the malware modified certain browser extensions. In Google Chrome it usually modified "Chrome Media Router", one of the browser's default extensions.
  • Browser DLLs: the malware tampered with certain browser DLLs.
  • Browser security settings: the malware changed the browser's security settings so that extensions could run without the appropriate permissions.
  • Browser updates: the malware disabled the browser's update function.
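A defender's triage check for two of these signs (tampered browser DLLs and disabled updates), added here as an example and not taken from Microsoft's report. The install paths and update service names are the usual defaults and are assumptions to adjust for your environment.

```powershell
# Added triage script (not from Microsoft's report): looks for two of the
# tampering signs described above on a Windows host. Install paths and
# update service names are the usual defaults and are assumptions.

$browserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    "$env:ProgramFiles\Mozilla Firefox",
    "$env:LOCALAPPDATA\Yandex\YandexBrowser\Application"
)

# 1. Browser DLLs: a vendor DLL that is unsigned, or whose Authenticode
#    signature no longer validates, is a lead for the DLL tampering above.
function Test-BrowserDlls {
    param([string[]]$Dirs)
    foreach ($dir in $Dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Recurse -Filter *.dll -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Check  = 'DLL signature'
                        Item   = $_.FullName
                        Status = $sig.Status
                    }
                }
            }
    }
}

# 2. Browser updates: a disabled updater service matches the "updates
#    switched off" behaviour; a healthy install leaves these enabled.
function Test-UpdateServices {
    $names = 'gupdate', 'gupdatem', 'edgeupdate', 'edgeupdatem', 'MozillaMaintenance'
    foreach ($n in $names) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if ($svc -and $svc.StartType -eq 'Disabled') {
            [pscustomobject]@{ Check = 'Update service'; Item = $n; Status = $svc.StartType }
        }
    }
}

Test-BrowserDlls -Dirs $browserDirs
Test-UpdateServices
```

Anything listed is a lead for investigation, not a verdict; compare the findings against a known-clean installation of the same browser version before acting on them.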

Ad injection and credential theft

After the malware finished manipulating browser components and settings, it was able to insert ads in search results and on other web pages.

Credential theft makes the malware even more dangerous. Adrozek downloads an additional .exe file with a random name that collects information about the device and its users.

What to do if your browser picks up Adrozek

If your browser has picked up Adrozek, a plain reinstallation of the browser will cure it, but an additional scan of the system with a reputable antivirus is also worthwhile.

In addition, Adrozek stole usernames and passwords from Firefox users; it is advisable to check those accounts, or better, to change the passwords immediately.
