
Widespread Adrozek malware attack on various browsers

The Microsoft Defender research team recently identified new malware that targets the most popular web browsers to make money for its operators.

It also alters the results shown in your browser. While this may not seem like a big deal to you, the malicious behavior of this malware suggests that it could be used to gain deeper access to the data on your Windows device.

So join us for more details on the widespread Adrozek malware attack.

This week, Microsoft issued a warning about a massive new malware attack on users of various browsers on tens of thousands of devices. The attackers behind this malware make subtle changes to inject ads on users’ computers.

Attackers host an average of 17,300 URLs.

Microsoft researchers say they have found more than 15,300 different instances of this unique malware during this time.

In just five months, the researchers recorded hundreds of thousands of different cases around the world (especially in Europe, South Asia and Southeast Asia).

How Adrozek malware attacks various browsers

Although the methods used by the attackers are not new, the campaign has become more and more complex and can now affect several different browsers at the same time, including Google Chrome, Microsoft Edge, Mozilla Firefox and Yandex Browser.

Adrozek first infiltrates your browser by adding browser extensions and changing specific DLL files, which gives the attackers the ability to change browser settings. This allows them to show additional ads alongside the legitimate ads on your web pages.

Adrozek works based on the keywords being searched, especially on search engines like Google, where attackers are able to target users.

As you can see in the image above, the user sees several affiliate links among the search results. The more people click on these links, the more the attackers earn from the time each user spends on these pages.

Microsoft went on to warn that Adrozek could easily inflict further damage on PCs by injecting additional malicious payloads and extracting website credentials.

If you see the above behavior and conditions in your system, we suggest that you reinstall the browsers you are using.
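One way to check a Windows machine for the two changes described above (added browser extensions and modified browser DLLs), as an added example that is not from the original post or from Microsoft. It assumes default install and profile paths and lists extensions only for the Chromium-based browsers; an invalid signature or an unfamiliar extension is a lead to investigate, not proof of Adrozek.

```powershell
# Added example. All paths below are assumed default locations; adjust as needed.
$installDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    "$env:ProgramFiles\Mozilla Firefox",
    "$env:LOCALAPPDATA\Yandex\YandexBrowser\Application"
)
$userDataDirs = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data",
    "$env:LOCALAPPDATA\Yandex\YandexBrowser\User Data"
)

# 1. Browser DLLs whose Authenticode signature does not validate.
#    A patched DLL no longer matches the vendor's signed hash.
$badDlls = foreach ($dir in ($installDirs | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $dir -Filter *.dll -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object { $_.Status -ne 'Valid' } |
        Select-Object Status, Path
}

# 2. Extensions present in every profile, newest first, for manual review.
#    Layout: <User Data>\<profile>\Extensions\<id>\<version>\manifest.json
$extensions = foreach ($root in ($userDataDirs | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path "$root\*\Extensions\*\*\manifest.json" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try   { $m = Get-Content -Raw -LiteralPath $file.FullName | ConvertFrom-Json }
            catch { $m = $null }   # unparsable manifest: still report the folder
            [pscustomobject]@{
                Id        = $file.Directory.Parent.Name
                Name      = if ($m) { $m.name } else { '<unreadable manifest>' }
                Version   = if ($m) { $m.version } else { $file.Directory.Name }
                Installed = $file.CreationTime
                Path      = $file.DirectoryName
            }
        }
}

"DLLs without a valid signature: $(@($badDlls).Count)"
$badDlls | Format-Table -AutoSize -Wrap
"Installed extensions: $(@($extensions).Count)"
$extensions | Sort-Object Installed -Descending | Format-Table -AutoSize -Wrap
```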