- Microsoft Reports New Malware ‘Adrozek’ Affecting Google Chrome, Firefox and Other Browsers: Here’s a Guide on How to Protect Yourself
Google Chrome, Firefox, Microsoft Edge and Yandex Browser have become the latest targets of an ongoing malware campaign dubbed Adrozek, as reported by Microsoft. The malware injects advertisements into search results and installs malicious browser extensions. Microsoft says the campaign has been running at scale since at least May 2020 and peaked in August, when more than 30,000 infected devices were observed every day.
The main goal of Adrozek is to drive traffic to affiliate pages. It does this by adding malicious browser extensions and changing browser settings so that advertisements are inserted into web pages. It also modifies a Dynamic Link Library (DLL) specific to each target browser; on Microsoft Edge, for example, it patches MsEdge.dll, which effectively turns off the browser’s security controls.
The Microsoft 365 Defender research team said in a blog post that the campaign is notable because it targets multiple browsers and, on Firefox, also steals website credentials, which exposes users to additional risk beyond unwanted advertising.
What is ‘Adrozek’ malware?
Adrozek arrives on a device through a drive-by download. The installer has a generic filename following a standard setup_.exe pattern. When the user runs it, the installer drops an .exe file into a temporary folder, which in turn writes the main payload into the Program Files folder.
The payload uses names such as Audiolava.exe, QuickAudio.exe or Converter.exe so that it passes for legitimate audio-related software. It is installed like a normal program, appears under Apps & features in Settings, and is also registered as a Windows service. These tricks help it blend in with legitimate software and persist across reboots, making it harder for users to notice and remove.
How Adrozek Affects Browsers like Google Chrome, Microsoft Edge and More
On Google Chrome, Adrozek modifies the built-in “Chrome Media Router” extension, while on Microsoft Edge and Yandex Browser it reuses the IDs of legitimate extensions such as “Radioplayer.” Although it targets a different extension on each browser, it injects the same malicious script into all of them. The tampered extension then connects to the attackers’ servers and injects advertisements into search results.
In addition to injecting advertisements, Adrozek stops the browser from updating to the latest version by adding a policy that turns off updates, so the tampered browser files are not replaced by a clean build.
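As an added example, not code from the article or from Microsoft, the read-only PowerShell triage script below checks a Windows host for the traits described above: the payload registered as a Windows service and as an installed program, browser DLLs whose Authenticode signature no longer validates (a patched MsEdge.dll or chrome.dll will fail this check), and update-disabling policies. The payload names are the ones cited in the article; the browser install paths are the vendors’ default locations, and the registry policy names (UpdateDefault for Google Update and Edge Update, DisableAppUpdate for Firefox) are the vendors’ documented update policies, assumed here to be what an update-disabling policy would set, since the article names no specific key.

```powershell
# Adrozek triage checks (added example; not from the article or from Microsoft).
# Read-only: prints findings, changes nothing. Run from an elevated PowerShell session.
# Assumptions: payload names as reported; default browser install paths; the
# vendors' documented update-policy registry values (not named in the article).

$payloadNames = 'Audiolava.exe', 'QuickAudio.exe', 'Converter.exe'   # names cited in the article
$findings = New-Object System.Collections.Generic.List[string]

# 1. Services: Adrozek registers its payload as a Windows service.
Get-CimInstance Win32_Service | ForEach-Object {
    $path = $_.PathName
    if (-not $path) { return }
    foreach ($name in $payloadNames) {
        if ($path -match [regex]::Escape($name)) {
            $findings.Add("Service '$($_.Name)' runs suspected payload: $path")
        }
    }
}

# 2. Apps & features: the payload registers an uninstall entry like a normal program.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue | ForEach-Object {
    $refs = "$($_.UninstallString) $($_.DisplayIcon) $($_.InstallLocation)"
    foreach ($name in $payloadNames) {
        if ($refs -match [regex]::Escape($name)) {
            $findings.Add("Uninstall entry '$($_.DisplayName)' references $name")
        }
    }
}

# 3. Browser binaries: a patched DLL no longer carries a valid vendor signature.
#    Edge installs under Program Files (x86) even on 64-bit Windows; Chrome may be in either.
$browserDlls = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\*\msedge.dll",
    "${env:ProgramFiles}\Google\Chrome\Application\*\chrome.dll",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\*\chrome.dll"
)
foreach ($pattern in $browserDlls) {
    foreach ($dll in Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue) {
        $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
        if ($sig.Status -ne 'Valid') {
            $findings.Add("Signature check failed ($($sig.Status)): $($dll.FullName)")
        }
    }
}

# 4. Update policies: values that disable browser updates (assumed policy names, see above).
$updatePolicies = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Google\Update';        Name = 'UpdateDefault';    Bad = 0 }, # 0 = updates disabled
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'; Name = 'UpdateDefault';    Bad = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox';      Name = 'DisableAppUpdate'; Bad = 1 }  # 1 = updates disabled
)
foreach ($p in $updatePolicies) {
    $item = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($p.Name) -eq $p.Bad) {
        $findings.Add("Update-disabling policy set: $($p.Key)\$($p.Name) = $($item.($p.Name))")
    }
}

if ($findings.Count -eq 0) {
    'No Adrozek indicators found by these checks.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

The payload filenames are the weakest indicator, since they can change between builds; the signature check is the most robust one here, because any modification to the browser’s signed DLL invalidates the Authenticode hash regardless of what the malware calls itself. A signature failure on a browser binary warrants reinstalling that browser from the vendor’s installer rather than deleting individual files.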
Microsoft says Adrozek is currently most concentrated in Europe, South Asia and Southeast Asia, and adds that, with the campaign still active, it is likely to expand to other regions.
How to Protect Yourself from Adrozek?
Microsoft recommends running an antivirus solution such as Microsoft Defender, which includes endpoint protection and detects and blocks this malware family. Because Adrozek modifies browser files, extensions and settings, Microsoft also advises users of affected devices to reinstall their browsers rather than rely on removing the payload alone.