
Adrozek – Browser malware you don’t know you have

Most of the information you get nowadays comes through web searches. But if your browser is infected, the results you see can be padded with injected ads that look like ordinary results, and you will not notice. One malware family doing exactly that is Adrozek, and it is hard for an ordinary user to spot.

What is Adrozek?

Do you know about Adrozek? If not, here is the story of a malware family that affects all the major browsers and can trouble big companies and ordinary users alike.

Adrozek is a malware family that targets Microsoft Edge, Google Chrome, Yandex Browser and Mozilla Firefox as part of a single campaign. This was disclosed by Microsoft.

The Microsoft post, published [1] on December 10, 2020, is titled:

“Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers”

According to the Microsoft 365 Defender Research Team, the malware has been active since at least May 2020 and, at its peak in August 2020, was observed on more than 30,000 devices every day. The company further described the malware’s specific purpose:

“The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers—Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox—exposing the attackers’ intent to reach as many Internet users as possible.”

Microsoft 365 Defender Research Team

The ads injected by this malware are blended into your search results and look like ordinary results. They predominantly link to a product page or an affiliate page, which is how the attackers earn money from every click.

Adrozek modifies your browser’s DLLs

A browser loads much of its code from Dynamic Link Libraries (DLLs). Adrozek modifies some of these browser DLLs so that the browser’s own integrity checks no longer flag the changes the malware makes to its settings.

Microsoft gave Microsoft Edge as an example: there the malware modifies MsEdge.dll to turn off the security controls that would otherwise detect changes to the browser’s Secure Preferences file.

The Microsoft team reiterated that the campaign affects multiple browsers. The malware is also capable of collecting data from the browser; on Mozilla Firefox in particular, Microsoft observed it extracting device information and stored credentials. So this malware is a threat to your credentials as well as to the overall integrity of your system, not just a source of annoying ads.

The malware is installed through a drive-by download [2]. The initial installer looks like a generic, harmless file. Once run, it writes itself into the user’s temporary folder and from there drops its main payload under Program Files, in a folder named to look like legitimate audio software. From that point it has everything it needs to modify the browsers on the system.

What is a drive-by download?

A drive-by download is a file or program installed on your system without your knowledge or approval. It can happen automatically when you visit a compromised or malicious website, or the program can be bundled with something you intentionally downloaded.

Once your browser is compromised, you start seeing ads that are not the real results of the keyword you searched for. An unsuspecting user cannot tell the real results from the ones the malware injected.

Moreover, it registers itself as a Windows service so that it runs again after every reboot. Being a service does not by itself hide it from security software (Microsoft Defender Antivirus detects and blocks the family), but the service and file names are chosen to look like legitimate software, which is why most users never notice it.

The worst part is that the malware hides behind the IDs of legitimate browser extensions, which makes it harder for you, and for tooling that simply lists extensions, to spot and remove. Once infected, the malicious scripts in your browser contact the attackers’ server, fetch further scripts, and inject ads into all of your search results.

On Chrome it typically modifies the Chrome Media Router extension. On Edge and Yandex Browser it uses the IDs of other legitimate extensions. The targeted extension differs per browser, but the injected scripts are the same.

Global impact of Adrozek

According to Microsoft, the infrastructure behind this campaign is bound to grow further:

Such a sustained, far-reaching campaign requires an expansive, dynamic attacker infrastructure. We tracked 159 unique domains, each hosting an average of 17,300 unique URLs, which in turn host more than 15,300 unique, polymorphic malware samples on average. In total, from May to September 2020, we recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia. As this campaign is ongoing, this infrastructure is bound to expand even further.

The geographic spread is visible in the figure Microsoft released.

Figure: Geographic distribution of Adrozek encounters from May to September 2020 (as published on Microsoft.com).

How to detect Adrozek?

For a user, the most visible symptom is a substantial change in search results. On the system itself, the indicators Microsoft describes are a browser DLL that no longer matches the version the vendor shipped, an unexpected Windows service, and modified files inside the folder of an otherwise legitimate extension.

Let me explain this with an example

If you search for Nintendo games on Google in Chrome, the top ten results normally include the company’s official page, perhaps Amazon, and one or two affiliate sellers.

But when your browser is infected by Adrozek, nearly every result pitches a product or a service to buy.

Figure: Difference between Adrozek-infected and non-infected browser search results (as published on Microsoft.com).
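Beyond eyeballing search results, the three indicators above (a patched browser DLL, a persistence service, modified extension files) can be checked from an elevated PowerShell prompt. The script below is an added example written for this article, not code from Microsoft or from the original page. The install paths, the profile layout (User Data\<profile>\Extensions\<id>\<version>\manifest.json) and the match patterns it treats as “broad” are assumptions about default Windows installs. It reports browser DLLs whose Authenticode signature is no longer valid, services whose executable is not validly signed, and every installed extension with the newest file write under its folder, flagging those whose manifest lets content scripts run on every site.

```powershell
# Adrozek triage: added example, not code from the page or from Microsoft.
# Install paths, profile layout and the "broad" match patterns are assumptions
# about default Windows installs. Run from an elevated PowerShell 5.1+ prompt.

# --- 1. Browser DLLs that no longer match their Authenticode signature -------
# Adrozek patches msedge.dll (and DLLs of other browsers) to disable the
# browser's own integrity checks. A patched file breaks its signature.
$dllPatterns = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\*\msedge.dll",
    "${env:ProgramFiles}\Google\Chrome\Application\*\chrome.dll",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\*\chrome.dll"
)
foreach ($pattern in $dllPatterns) {
    foreach ($dll in (Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue)) {
        $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
        if ($sig.Status -eq 'Valid') {
            Write-Output "OK   $($dll.FullName)  signer: $($sig.SignerCertificate.Subject)"
        } else {
            Write-Warning "DLL signature $($sig.Status): $($dll.FullName)"
        }
    }
}

# --- 2. Services whose executable is not validly signed ----------------------
# Adrozek persists as a Windows service. Windows' own services are catalog
# signed and validate on current builds; an unsigned binary, especially one
# under Program Files with an audio-software-sounding name, deserves a look.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    if (-not $_.PathName) { return }
    # PathName is either "quoted\path.exe" plus arguments, or an unquoted first token.
    if ($_.PathName -match '^"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($_.PathName -split '\s+')[0]
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Service '$($_.Name)' points at a missing binary: $exe"
        return
    }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Service '$($_.Name)' ($($_.DisplayName)): $($sig.Status) binary $exe"
    }
}

# --- 3. Extension inventory for every Chromium-based profile -----------------
# Adrozek modifies files inside the folder of a legitimate extension so that
# its scripts run on search pages. List each extension with the newest write
# under its folder, and flag manifests whose content scripts may run on every
# site; compare the list with what the user actually installed.
$userDataDirs = @(
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data",
    "$env:LOCALAPPDATA\Google\Chrome\User Data",
    "$env:LOCALAPPDATA\Yandex\YandexBrowser\User Data"
)
$broadPatterns = @('<all_urls>', 'http://*/*', 'https://*/*', '*://*/*')
foreach ($root in $userDataDirs) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $manifests = Get-ChildItem -Path "$root\*\Extensions\*\*\manifest.json" -ErrorAction SilentlyContinue
    foreach ($manifest in $manifests) {
        $extId = $manifest.Directory.Parent.Name   # ...\Extensions\<id>\<version>\manifest.json
        try {
            $m = Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json
        } catch {
            Write-Warning "Unparseable manifest: $($manifest.FullName)"
            continue
        }
        $csMatches = @()
        foreach ($cs in @($m.content_scripts)) { if ($cs) { $csMatches += @($cs.matches) } }
        $newest = Get-ChildItem -LiteralPath $manifest.DirectoryName -Recurse -File |
                  Sort-Object LastWriteTime -Descending | Select-Object -First 1
        $line = "{0}  {1} v{2}  newest file: {3:yyyy-MM-dd HH:mm}" -f $extId, $m.name, $m.version, $newest.LastWriteTime
        if ($csMatches | Where-Object { $broadPatterns -contains $_ }) {
            Write-Warning "$line  content scripts on all sites: $($csMatches -join ', ')"
        } else {
            Write-Output $line
        }
    }
}
```

Treat the output as a triage list rather than a verdict: some third-party software ships unsigned services, and legitimate extensions such as ad blockers also request <all_urls>, so compare each flagged item against what the user actually installed. A browser DLL whose signature status is anything other than Valid, on the other hand, is not something a normal update produces and is worth taking seriously.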

How to fix Adrozek?

The simplest approach, and the one Microsoft recommends, is to uninstall the affected browser, run a full antivirus scan (Microsoft Defender Antivirus detects the family), and then reinstall the browser from its official website. Reinstalling replaces the modified DLLs, settings files and extension files in one go.

Don’t use third party websites to download any type of browser as they might be compromised.

Further, take care with everything you download, because Adrozek may be bundled with the software you actually wanted.

The best policy for avoiding an Adrozek infection is safe browsing and downloading files only from reputable, verified and trusted websites. If you come across any other information about Adrozek that we might have missed, then please feel free to contact us o

References

[1] Microsoft 365 Defender Research Team, “Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers”, December 10, 2020. https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/

[2] Kaspersky, “What is a drive-by download?” https://www.kaspersky.com/resource-center/definitions/drive-by-download


Copyright © 2020 Tech Verse Blogs
