Microsoft highlighted the security threat in a post online and is warning Google Chrome, Microsoft Edge, Mozilla Firefox and Yandex Browser users about it. The Redmond-based tech giant said the malware campaign was first spotted in May, and that at its peak in August the browser threat was observed on more than 30,000 devices every day. Microsoft has labelled this malware family Adrozek, and unlike typical adware campaigns it is not content with merely injecting fake adverts.
Adrozek certainly does that, and it does so by changing browser settings so that unauthorised adverts are injected into search results pages on top of the legitimate ones, with the cybercrooks behind the campaign paid for clicks on those adverts.
But what sets the Adrozek campaign apart from its counterparts is the other malicious changes it makes to a target's computer, namely adding or modifying browser extensions, changing browser preferences and tampering with crucial browser files.
In the last case the malware modifies certain browser DLLs, which lets it turn off crucial browser security controls on the victim's machine.
And the impact of such changes on a browser is significant. As Microsoft explained: “Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats.
“However, the fact that this campaign utilises a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated.
“In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.”
Microsoft said that between May and September it spotted 159 unique domains used to distribute hundreds of thousands of malware samples as part of the Adrozek campaign.
Some of these domains were active for just a single day, while others stayed live for up to 120 days.
Many of them hosted tens of thousands of URLs each, and one hosted almost 250,000, underlining the massive infrastructure behind this malware campaign.
This sprawling infrastructure allowed the cybercrooks to spread the malware which, besides making major changes to browsers, is also capable of stealing sensitive user credentials.
Adrozek is additionally capable of disabling browser updates and changing critical browser security settings or permissions.
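The tampering described above (patched browser DLLs, added or modified extensions, and disabled browser updates) can be triaged on a Windows host with a short PowerShell check. This is an added example, not code from Microsoft's post or from the article; the browser install and profile paths and the updater service names are assumptions about default installations and may need adjusting for a given machine.

```powershell
# Added triage example (not from the Microsoft post or the article).
# Assumptions: default install and profile locations for Chrome, Edge and
# Firefox, and the standard Google/Microsoft updater service names.

$browserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    "$env:ProgramFiles\Mozilla Firefox"
)

# 1. Vendor DLLs in a browser install tree are normally Authenticode-signed.
#    A DLL that has been patched in place fails with HashMismatch; a DLL
#    dropped by someone else is typically NotSigned. Either deserves a look.
$suspectDlls = foreach ($dir in $browserDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Filter *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                    Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# 2. Inventory extensions per Chromium profile (Chrome and Edge share the
#    layout) so that IDs the user never installed stand out.
$profileRoots = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data"
)
$extensions = foreach ($root in $profileRoots) {
    if (-not (Test-Path $root)) { continue }
    $browser = Split-Path (Split-Path $root -Parent) -Leaf
    Get-ChildItem -Path $root -Directory -Filter 'Extensions' -Recurse -Depth 1 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $profile = $_.Parent.Name
            Get-ChildItem -Path $_.FullName -Directory | ForEach-Object {
                $manifest = Get-ChildItem -Path $_.FullName -Filter manifest.json -Recurse -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } else { '<no manifest>' }
                [pscustomobject]@{ Browser = $browser; Profile = $profile; Id = $_.Name; Name = $name }
            }
        }
}

# 3. The article notes Adrozek can disable browser updates. A stopped or
#    disabled updater is a supporting indicator, not proof on its own.
$updaters = Get-Service -Name gupdate, gupdatem, edgeupdate, edgeupdatem -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

"== DLLs failing Authenticode check =="; $suspectDlls | Format-Table -AutoSize
"== Installed Chromium extensions =="; $extensions | Format-Table -AutoSize
"== Browser update services =="; $updaters | Format-Table -AutoSize
```

Run it from an elevated prompt so the install directories are readable. An empty first table plus familiar extension IDs is the expected clean result; a HashMismatch on a vendor DLL is exactly the in-place patching the article describes, and the practical remedy is the one Microsoft gives, reinstalling the browser rather than trying to repair the file.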
Advising people on how to stay safe, Microsoft said: “Adrozek shows that even threats that are not thought of as urgent or critical are increasingly becoming more complex.
“And while the malware’s main goal is to inject ads and refer traffic to certain websites, the attack chain involves sophisticated behaviour that allows attackers to gain a strong foothold on a device.
“The addition of credential theft behaviour shows that attackers can expand their objectives to take advantage of the access they’re able to gain.
“These complex behaviours, and the fact that the campaign uses polymorphic malware, require protections that focus on identifying and detecting malicious behaviour.
“Microsoft Defender Antivirus, the built-in endpoint protection solution on Windows 10, uses behaviour-based, machine learning-powered detections to block Adrozek.
“End users who find this threat on their devices are advised to re-install their browsers.
“Considering the massive infrastructure that was used to distribute this threat on the web, users should also educate themselves about preventing malware infections and the risks of downloading and installing software from untrusted sources and clicking ads or links on suspicious websites.”