Microsoft warns of the rise of Adrozek malware. This malware variant aims to place covert advertisements in search engine results. Google Chrome, Microsoft Edge, Yandex Browser and Mozilla Firefox have been affected.
According to Microsoft, the malware falls under the so-called Adrozek browser modifiers. This type of malware installs extensions, modifies a DLL for each targeted browser, and adjusts browser settings so that unofficial ads appear among search engine results. For example, in Microsoft Edge, the malware modifies a particular DLL to bypass integrity checks. The attackers hope that users will click on these unauthorized ads. According to Microsoft, the hackers are paid to redirect visitors to the web pages behind these ads. With so many browsers targeted by this malware variant, Microsoft suspects that its creators want to reach as many users as possible.
Microsoft estimates that the malware has been active in large numbers since May 2020, mainly in Europe and South (East) Asia. Between May and September of this year, the company registered hundreds of thousands of cases of the Adrozek malware worldwide. During this time, it discovered more than 159 unique domain names, each containing an average of 17,300 unique URLs with an average of 15,300 links to the malware each. Microsoft argues that, given the immense scale of the malware attacks, the global spread is within expectations.
Malware in the form of browser modifiers is not new, according to the software giant. According to the company from Redmond, this type of malware is becoming increasingly advanced. In addition, it poses an enormous risk, as unsuspecting users enter sensitive information into the affected browsers. According to Microsoft, users affected by the malware should completely reinstall their browser and can, among other things, use Microsoft’s anti-malware services to prevent a new infection.