Software:Adrozek (malware)
| Initial release | May 1, 2020 (or earlier) |
|---|---|
| Operating system | Windows |
Adrozek is malware that injects fake ads into online search results. Microsoft announced the malware threat on 10 December 2020, and noted that many different browsers are affected, including Google Chrome, Microsoft Edge, Mozilla Firefox and Yandex Browser.[1][2][3][4][5][6][7] The malware was first detected in May 2020 and, at its peak in August 2020, controlled over 30,000 devices a day. In its December 2020 announcement, however, Microsoft claimed "hundreds of thousands" of infected devices worldwide between May and September 2020.[3]
According to Microsoft, if not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines.[1] For each user tricked into clicking on the fake ads, the scammers earn affiliate advertising dollars.[6] The malware has been observed to extract device data and, in some cases, steal credentials, sending them to remote servers.[6]
Users may unintentionally install the malware through a drive-by download, by visiting a tampered website, opening an e-mail attachment, or clicking on a deceptive link or a deceptive pop-up window.[4] The main malware program is downloaded to the “Program Files” folder using file names such as Audiolava.exe, QuickAudio.exe, and converter.exe.[4] According to PC Magazine, a good way to avoid, or mitigate, infection by Adrozek is to keep browser and related software programs up to date.[4]
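A triage sweep for the on-disk changes described above, as an added example that is not from Microsoft or the cited sources: it lists browser DLLs whose Authenticode signature does not verify, plus executables under Program Files carrying the quoted file names. The install directories are common defaults and are assumptions, as is the helper name `New-Finding`.

```powershell
# Added example, not Microsoft's tooling. Directories are common default install
# locations and are assumptions; extend the list for other or per-user installs.
$browserDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    "$env:ProgramFiles\Mozilla Firefox",
    "$env:LOCALAPPDATA\Yandex\YandexBrowser\Application"
) | Where-Object { Test-Path -LiteralPath $_ }

# File names quoted in the article, which gives them only as examples.
$payloadNames = 'Audiolava.exe', 'QuickAudio.exe', 'converter.exe'

# Hypothetical helper: one uniform record per suspicious file.
function New-Finding {
    param([string]$Kind, [System.IO.FileInfo]$File)
    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
    [pscustomobject]@{
        Finding      = $Kind
        Path         = $File.FullName
        Signature    = $sig.Status                    # Valid, HashMismatch, NotSigned, ...
        Signer       = $sig.SignerCertificate.Subject # empty when the file is unsigned
        LastWriteUtc = $File.LastWriteTimeUtc
    }
}

# 1) Browser DLLs whose signature does not verify. A DLL patched on disk no
#    longer matches its signed hash and reports HashMismatch.
$dllFindings = @(foreach ($dir in $browserDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.dll -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding -Kind 'BrowserDll' -File $_ } |
        Where-Object { $_.Signature -ne 'Valid' }
})

# 2) Executables under Program Files with one of the quoted names
#    (-contains compares case-insensitively).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$exeFindings = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $payloadNames -contains $_.Name } |
        ForEach-Object { New-Finding -Kind 'NamedExecutable' -File $_ }
})

$dllFindings + $exeFindings |
    Sort-Object LastWriteUtc -Descending |
    Format-Table -AutoSize -Wrap
```

A name match alone is weak evidence, since a name like converter.exe is also used by legitimate software; treat the signature status and signer columns as the deciding detail when reviewing hits.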
See also
- Drovorub
- Mirai (malware)
References
1. Microsoft 365 Defender Research Team (10 December 2020). "Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers". Security Blog (Microsoft). https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/. Retrieved 13 December 2020.
2. Goodin, Dan (10 December 2020). "4 major browsers are getting hit in widespread malware attacks - Chrome, Firefox, Edge, and Yandex are all affected in widespread ad-injection campaign.". Ars Technica. https://arstechnica.com/information-technology/2020/12/ongoing-malware-attacks-are-hitting-users-of-4-major-browsers/. Retrieved 13 December 2020.
3. Cimpanu, Catalin (10 December 2020). "Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox - Microsoft says that at its peak, Adrozek had controlled more than 30,000 devices a day.". ZDNet. https://www.zdnet.com/article/microsoft-exposes-adrozek-malware-that-hijacks-chrome-edge-and-firefox/. Retrieved 13 December 2020.
4. Kan, Michael (11 December 2020). "'Adrozek' Malware Is Infecting Thousands of PCs to Insert Ads, Microsoft Warns". PC Magazine. https://www.pcmag.com/news/microsoft-warns-adrozek-malware-is-infecting-thousands-of-pcs-to-insert. Retrieved 13 December 2020.
5. Wagensell, Paul (11 December 2020). "This nasty malware is infecting every web browser — what to do now - New malware is stealing passwords and shows bogus search results". Tom's Guide. https://www.tomsguide.com/news/adrozek-browser-malware. Retrieved 13 December 2020.
6. Bracken, Becky (11 December 2020). "Adrozek Malware Delivers Fake Ads to 30K Devices a Day". ThreatPost.com. https://threatpost.com/adrozek-malware-fake-ads-30k-devices/162217/. Retrieved 13 December 2020.
7. Wilson, Luke (15 December 2020). "Google Chrome, Firefox, Edge hijacked by massive malware attack: What you need to know - Microsoft has reported a 'shapeshifting' variant of a well-known malware strain that attacks browsers to embed malicious ads". T3. https://www.t3.com/news/google-chrome-firefox-edge-hijacked-by-massive-malware-attack-what-you-need-to-know. Retrieved 15 December 2020.