Microsoft has issued a cautionary alert for browser users. A new malware called Adrozek is infecting Windows PCs to inject unauthorized ads into users' browsers. The company warned users of Google Chrome, Firefox and other browsers to be careful.
Microsoft has tracked 159 unique domains this year, which host an average of 17,300 unique URLs.
The company said the adware, Adrozek, arrived in May this year. As of August, it has been attacking more than 30,000 devices daily.
It is understood that this new malware campaign has been launched with the objective of manipulating the user's search results. The results are then redirected to affiliate pages by inserting malicious ads. "The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to those sponsored affiliated pages."
To get started, the malware secretly adds malicious browser extensions. These extensions change browser settings to place ads on web pages.
How does the malware get downloaded?
Adrozek malware is very different from other malware. It is installed on the device via a drive-by download in which the installer file is named setup.exe. When this file runs, the installer temporarily drops an .exe file with a setup-like name into the folder. This payload looks like legitimate audio software.
The Microsoft team has identified it exclusively in Google Chrome. It usually modifies the default 'Chrome Media Router' extension. Similarly, in Microsoft Edge and Yandex browsers it uses a valid extension ID.
Inserting ads into your search results is certainly annoying. But the real threat is that this malware can also steal login credentials from the Firefox browser, and potentially give hackers a launching pad for more damaging crimes.
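Because the malware tampers with the files of an extension that is already installed rather than adding an obviously new one, the check a defender wants is a file-hash baseline of each extension folder that can be re-run later to flag added, removed or modified files. The script below is an added illustration of that baseline-and-compare approach; it is not code from the article or from Microsoft. The extension folder layout, the `placeholder_extension_id` name and the file contents are constructed for the demo, and no real extension ID or Adrozek artefact is used.

```python
"""Baseline-and-compare check for browser extension directories.

Added illustration, not code from the article or from Microsoft. Records a
SHA-256 baseline of every file under each extension folder, then re-hashes
and reports anything added, removed or changed. All paths and contents
below are constructed for the demo; the extension ID is a placeholder.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_tree(ext_dir: Path) -> dict:
    """Return {relative_path: sha256_hex} for every file under ext_dir."""
    digests = {}
    for path in sorted(p for p in ext_dir.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        digests[path.relative_to(ext_dir).as_posix()] = digest
    return digests


def compare(baseline: dict, current: dict) -> dict:
    """Classify files as added, removed or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def scan_profile(extensions_root: Path, baseline: dict) -> dict:
    """Compare every extension folder under extensions_root with its baseline.

    baseline maps extension folder name -> {relative_path: sha256_hex}.
    Folders with no baseline entry are reported as 'unknown' so that a newly
    planted extension is surfaced as well as a tampered one.
    """
    report = {}
    for ext_dir in sorted(p for p in extensions_root.iterdir() if p.is_dir()):
        current = hash_tree(ext_dir)
        if ext_dir.name not in baseline:
            report[ext_dir.name] = {"status": "unknown", "files": sorted(current)}
            continue
        diff = compare(baseline[ext_dir.name], current)
        status = "clean" if not any(diff.values()) else "tampered"
        report[ext_dir.name] = {"status": status, **diff}
    return report


def demo() -> dict:
    """Build a constructed extension folder, baseline it, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Extensions"
        ext_id = "placeholder_extension_id"          # hypothetical, not a real ID
        ext = root / ext_id / "1.0.0_0"
        ext.mkdir(parents=True)
        (ext / "manifest.json").write_text(
            json.dumps({"name": "Demo", "version": "1.0.0"})
        )
        (ext / "background.js").write_text("console.log('legitimate page');\n")

        # Baseline taken while the profile is known-good.
        baseline = {ext_id: hash_tree(root / ext_id)}

        # Simulated tampering: an existing script is altered, a new script is
        # planted, and a second, never-baselined extension folder appears.
        with (ext / "background.js").open("a") as fh:
            fh.write("// constructed: injected content\n")
        (ext / "ads.js").write_text("// constructed: planted file\n")
        other = root / "unknown_ext_id"
        other.mkdir()
        (other / "manifest.json").write_text("{}")

        return scan_profile(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a Windows host the `extensions_root` a practitioner would point this at for Chrome is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; the baseline should be taken from a freshly installed browser and stored somewhere the user's account cannot write, otherwise malware running as that user could simply rewrite it.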
Microsoft has asked users who have received this type of threat to reinstall the browser on their device.
The company also recommends keeping software up to date, avoiding links and attachments, avoiding malicious and compromised websites, not downloading pirated content from compromised websites, and using non-administrator accounts.