Microsoft has warned of a “persistent malware campaign” built to inject fraudulent ads into search results and siphon off victims’ personal information.
According to a notice published by the firm, the malware has been in circulation since at least May and could be found on more than 30,000 devices per day at its peak in the summer.
Adrozek malware, as it has come to be known, is capable of modifying a number of popular browsers, including Edge, Chrome and Firefox (which together account for circa 70% of the browser market share).
- We've built a list of the best malware removal software around
- Check out our list of the best VPN services on the market
- Here's our list of the best endpoint protection available
Adrozek malware campaign
As Microsoft explains, the malware is distributed via 159 malicious domains (and potentially more), each hosting 17,300 distinct URLs on average. Between them, these domains are said to harbor hundreds of thousands of unique malware samples, thereby bypassing security tools that filter for known threats.
“If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines,” explained Microsoft.
“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliate pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages.”
While generating illegitimate affiliate revenue via the distribution of malware is, of course, illegal, this portion of the campaign poses a limited threat to its victims.
However, Adrozek strains specific to Mozilla Firefox are also coded to lift user credentials stored on-device, opening the door to potential account takeover and identity theft. In this sense, Microsoft says, the campaign demonstrates that “there’s no such thing as low-priority or non-urgent threats”.
To shield against Adrozek and other browser modifiers like it, Microsoft advises users to avoid downloading files from disreputable sources and to lean on an antivirus service for additional protection.
Anyone that suspects they may already have suffered an infection should re-install the affected browsers.
- Here's our list of the best proxy services right now
