In its latest blog post, Microsoft has revealed details of a nasty malware that is attacking the Google Chrome, Firefox, Edge, and Yandex browsers. The tech giant says the malware is designed to inject ads into search results and to add malicious browser extensions. Adrozek is said to have been active since May, and the attacks peaked in August. Microsoft stated that the malware affected over 30,000 devices every day.
According to the report, it aims to redirect users to affiliate pages by serving malware-inserted ads on search results. The malware first adds malicious browser extensions and changes browser settings to insert ads into webpages. It then modifies a DLL for each targeted browser to turn off security controls.
In the post, the Microsoft 365 Defender Research team stated that the campaign used a piece of malware that affected multiple browsers. The report further noted that the malware exfiltrates website credentials, which could bring additional risks to users.
The malware gets installed on devices “through drive-by download”, in which the installer file names have a standard format of setup_.exe. When run, the installer drops an .exe file with a random file name in the temporary folder, which then drops the main payload in the Program Files folder.
The tech giant stated that the malware is installed like any other program and can be seen in the Apps & features settings. However, once installed, it makes changes to browser extensions.
“Despite targeting different extensions on each browser, the malware adds the same malicious scripts to these extensions,” the post noted. The malicious scripts let the attackers connect to their server and retrieve the scripts that inject advertisements into search results.
“In the past, browser modifiers calculated the hashes like browsers do and updated the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check,” the blog post added. The report also stated that the malware prevents browsers from being updated to the latest versions by adding a policy that turns off updates. It also changes system settings to gain additional control of the compromised device.
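Two of the side effects described above, an update-suppression policy and tampered extension files, can be audited on a Windows host. The script below is an added example and is not code from Microsoft's post; it assumes the documented update-policy registry values for Chrome, Edge and Firefox (Yandex is not covered) and the default user-profile extension folders.

```powershell
# Added example (not from Microsoft's post): look for (1) a policy that turns
# off browser updates and (2) extension folders/files changed recently.
# Assumed locations: documented update-policy keys for Chrome, Edge and
# Firefox, and the default per-profile extension directories.

$findings = @()

# (1) Update-suppression policies. UpdateDefault=0 (Chrome/Edge updater) or
#     DisableAppUpdate=1 (Firefox) means updates are disabled by policy.
$policyChecks = @(
    @{ Browser='Chrome';  Path='HKLM:\SOFTWARE\Policies\Google\Update';        Name='UpdateDefault';    Bad=0 },
    @{ Browser='Edge';    Path='HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'; Name='UpdateDefault';    Bad=0 },
    @{ Browser='Firefox'; Path='HKLM:\SOFTWARE\Policies\Mozilla\Firefox';      Name='DisableAppUpdate'; Bad=1 }
)
foreach ($c in $policyChecks) {
    $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $v -and $v.($c.Name) -eq $c.Bad) {
        $findings += "[policy] $($c.Browser) updates disabled: $($c.Path)\$($c.Name) = $($c.Bad)"
    }
}

# (2) Extensions with files modified in the last $days days. Legitimate
#     extension updates also touch these files, so treat hits as leads to
#     review against the browser's own extension list, not as a verdict.
$days   = 30
$cutoff = (Get-Date).AddDays(-$days)
$extRoots = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\*\Extensions",   # one sub-folder per extension
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\*\Extensions",
    "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions"        # one .xpi file per extension
)
foreach ($root in $extRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.PSIsContainer) {
            $recent = Get-ChildItem -Path $_.FullName -Recurse -File -ErrorAction SilentlyContinue |
                      Where-Object { $_.LastWriteTime -gt $cutoff }
        } else {
            $recent = @($_) | Where-Object { $_.LastWriteTime -gt $cutoff }
        }
        if ($recent) {
            $findings += "[extension] $($_.FullName): $(@($recent).Count) file(s) modified since $($cutoff.ToShortDateString())"
        }
    }
}

if ($findings.Count -eq 0) { "No update-suppression policy or recently modified extensions found." }
else { $findings }
```

Policy hits are the stronger signal: an ordinary user has no reason to set these values, whereas recent extension writes need to be compared with what the browser's extensions page shows.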
As per Microsoft, users should install an antivirus solution with built-in endpoint protection on their devices.