In its latest blog post, Microsoft has revealed details of a nasty piece of malware that is attacking Google Chrome, Firefox, Edge, and Yandex browsers. The tech giant says the malware, Adrozek, is designed to inject ads into search results and to add malicious browser extensions. Adrozek is said to have been active since May, and the attacks peaked in August. Microsoft stated that the malware affected over 30,000 devices every day.
According to the report, it aims to steer users to affiliated pages by serving malware-inserted ads on search results. The malware first adds malicious browser extensions and changes browser settings to insert ads into webpages. It then modifies a DLL per target browser to turn off security controls.
In the post, the Microsoft 365 Defender Research team stated that the campaign used a piece of malware that affected multiple browsers. The report further noted that the malware exfiltrates website credentials, which could bring additional risks to users.
The malware gets installed on devices “through drive-by download”, with the installer file names following a standard format of setup_.exe. When run, the installer drops an .exe file with a random file name in the temporary folder, which then drops the main payload in the Program Files folder.
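The two-stage drop described above can be hunted for by correlating file-creation events. The following is an added example, not code from Microsoft's report: the `(creating process, created file)` event format, the function name and all sample paths are constructed for illustration, and events are assumed to arrive in time order.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Installer name pattern from the article: starts with "setup_", ends with ".exe"
INSTALLER_RE = re.compile(r"^setup_.*\.exe$")
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\")

# Constructed sample events (not real telemetry): (creating process, created file)
SAMPLE_EVENTS = [
    # Benign: system installer writing directly to Program Files
    (r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\Editor\editor.exe"),
    # Not stage 1: the installer writes a log, not an executable
    (r"C:\Users\a\Downloads\setup_example_0001.exe",
     r"C:\Users\a\AppData\Local\Temp\setup.log"),
    # Stage 1: setup_*.exe drops an .exe into the temporary folder
    (r"C:\Users\a\Downloads\setup_example_0001.exe",
     r"C:\Users\a\AppData\Local\Temp\kq7x2.exe"),
    # Stage 2: that temp .exe drops an .exe under Program Files
    (r"C:\Users\a\AppData\Local\Temp\kq7x2.exe",
     r"C:\Program Files\ExampleApp\main.exe"),
]

def is_temp_exe(path_lower):
    """True for an .exe located under a Temp directory (lowercased path)."""
    return "\\temp\\" in path_lower and path_lower.endswith(".exe")

def find_drop_chains(events):
    """Return (installer, temp_exe, payload) for each complete two-stage drop."""
    stage1 = {}   # lowercased temp .exe path -> installer that dropped it
    chains = []
    for actor, target in events:
        a, t = actor.lower(), target.lower()
        if INSTALLER_RE.match(basename(a)) and is_temp_exe(t):
            stage1[t] = actor
        elif a in stage1 and PROGRAM_FILES_RE.match(t) and t.endswith(".exe"):
            chains.append((stage1[a], actor, target))
    return chains

if __name__ == "__main__":
    for installer, dropper, payload in find_drop_chains(SAMPLE_EVENTS):
        print(f"ALERT: {installer} -> {dropper} -> {payload}")
```

Matching on the full chain rather than on the installer name alone keeps ordinary installers that happen to be called setup_*.exe from alerting unless they also stage a second executable through the temporary folder.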
The tech giant stated that the malware is installed like any other program and can be accessed through the Apps & features settings. However, once installed, it makes changes to browser extensions.