In a report last Thursday, December 10, Microsoft warned users of four major web browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, and Yandex Browser) that a widespread malware attack is hitting all four.
Widespread Malware Campaign
According to a report by ZDNet, the malware is known as Adrozek. It has been around since at least May 2020 and reached its peak number of victims in August, when it was able to control around 30,000 browsers daily.
Nevertheless, a recent report by the Microsoft 365 Defender Research Team says that the number is much higher than previously known.
It turns out that the team of experts from Microsoft recorded "hundreds of thousands" of Adrozek detections across the globe from May to September of this year.
Furthermore, it appears that the highest number of victims is found in Europe, followed by South and Southeast Asia.
How the Adrozek Malware Works
According to TechRadar, Microsoft has dubbed Adrozek a "persistent malware campaign" that injects fraudulent ads into web browsers and makes changes to the browser.
Moreover, the malware can also acquire personal details of users, including their name, email address, and even bank accounts if it's installed through the Firefox web browser.
Based on the report, the team tracked 159 malicious domains, each containing 17,300 distinct URLs on average, and thinks there could be more of these.
The domains in question have hundreds of thousands of malware samples waiting to be injected into your computer.
"If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines," Microsoft explains.
"The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliate pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages."
Downloading From Suspicious Sites
Microsoft also said that the malware is distributed through typical drive-by download schemes, in which users are redirected from a legitimate site to a malicious one that is waiting to install the malware.
Once the malware has been installed, it will attempt to install an extension that would change the browser's AppData folder without the user knowing.
To help keep users of the four browsers from becoming victims of Adrozek, Microsoft encourages everyone to avoid downloading software from suspicious sites and to use antivirus software for an added layer of cyber defense.
However, if you suspect your web browser has been compromised, quickly uninstall your web browser and reinstall it.
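Because the extension is dropped into the browser's profile data silently, one defensive check is to inventory what is actually on disk and compare it with a known-good list. The following is an added example, not code from Microsoft's report or from this article. It assumes the Chromium on-disk layout `Extensions/<id>/<version>/manifest.json`; the caller supplies the Extensions folder path and the baseline IDs, and the sample profile and its IDs are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or rewrite every page,
# which is what injecting ads into search results requires.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory(ext_root):
    """Read every <ext_root>/<id>/<version>/manifest.json (Chromium layout)."""
    found = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the folder
        if not isinstance(data, dict):
            data = {}
        hosts = set(data.get("host_permissions", []))
        hosts |= {p for p in data.get("permissions", []) if isinstance(p, str)}
        for script in data.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        found.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "?"),
            "broad_access": bool(hosts & BROAD),
        })
    return found

def unexpected(ext_root, baseline_ids):
    """Extensions present on disk but absent from the known-good baseline."""
    return [e for e in inventory(ext_root) if e["id"] not in baseline_ids]

def demo():
    # Constructed sample profile: one baselined extension, one unknown one.
    samples = {
        "a" * 32: {"name": "Known tool", "permissions": ["storage"]},
        "b" * 32: {"name": "Unknown helper",
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            folder = Path(tmp, ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return unexpected(tmp, baseline_ids={"a" * 32})

if __name__ == "__main__":
    for ext in demo():
        print(ext)
```

An extension that is both missing from the baseline and able to run on every page is the combination worth investigating first.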
As of now, it is unclear whether macOS or Linux users are also vulnerable to the malware campaign, but it seems like the attack is centered on Windows users.
Still, whether you're using Windows, macOS, or Linux computers, make sure that you always download software from reputable sources and update your antivirus software regularly.
This article is owned by Tech Times
Written by: Nhx Tingson