Google Chrome, Firefox, Other Browsers Impacted by Widespread Malware Campaign: Microsoft

Bhawani Singh
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Google Chrome, Firefox, Microsoft Edge, and Yandex browsers are affected by an ongoing malware campaign designed to inject ads into search results and add malicious browser extensions, Microsoft revealed on Thursday. Dubbed Adrozek, the newly discovered malware family has been operating at scale since at least May this year, and the attacks peaked in August, when the threat was observed on more than 30,000 devices every day.

Microsoft said that from May to September, it recorded hundreds of thousands of encounters of the Adrozek malware globally. The company tracked 159 unique domains, each hosting an average of 17,300 unique URLs, which, in turn, host an average of over 15,300 distinct, polymorphic malware samples.

The ultimate aim of the campaign is to lead users to affiliate pages by serving malware-inserted ads in search results. To get there, the malware silently adds malicious browser extensions and changes browser settings so that ads are inserted into webpages, often on top of the legitimate ads served by search engines. It is also reported to modify a DLL specific to each target browser, MsEdge.dll on Microsoft Edge for instance, in order to turn off security controls.

The Microsoft 365 Defender Research team noted in a blog post that although cybercriminals abusing affiliate programs is not new, this campaign uses a single piece of malware that affects multiple browsers. The malware also exfiltrates website credentials, which exposes users to additional risk.

What makes Adrozek different from earlier malware threats is that it gets installed on devices “through drive-by download”, with installer file names following a standard format of setup_.exe. When run, the installer drops an .exe with a random file name in the temporary folder, which in turn drops the main payload in the Program Files folder. This payload masquerades as legitimate audio-related software, using names such as Audiolava.exe, QuickAudio.exe, or converter.exe.

Researchers found that the malware is installed like an ordinary program and shows up in the Apps & features settings. It is also registered as a Windows service under the same name. These tricks may keep it from being caught by ordinary antivirus software.
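The installation chain described in the two paragraphs above leaves three kinds of host-level indicators: the named payload binaries under Program Files (and the intermediate dropper in the temp folder), a Windows service carrying the same name, and an Apps & features entry. The following PowerShell script, added here as an example and not code from the article or from Microsoft, hunts for all three on a single machine. The file names come from the article; the search roots, the registry hives consulted and the report layout are this example's own assumptions.

```powershell
# Added example, not code from the article or from Microsoft. Hunts for the
# on-disk and persistence indicators the article attributes to Adrozek:
# payload file names, a service with the same name, and an Uninstall entry.
# File names are from the article; search roots, hives and output shape are
# this example's assumptions. Run from an elevated PowerShell on the host.

$PayloadNames = @('Audiolava.exe', 'QuickAudio.exe', 'converter.exe')
$NameStems    = $PayloadNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
# Matches "...\Audiolava.exe" at the end of a path or before a quote/space.
$NamePattern  = '(?i)\\(' + (($PayloadNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')(\s|"|$)'

# Program Files is where the article says the payload lands; TEMP is where the
# intermediate random-named .exe is dropped.
$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:TEMP) | Where-Object { $_ }

function Find-AdrozekFiles {
    foreach ($root in $SearchRoots) {
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $PayloadNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = 'File'
                    Name      = $_.Name
                    Location  = $_.FullName
                    # A genuine audio tool is normally signed; an unsigned binary
                    # under one of these names deserves a closer look.
                    Detail    = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                }
            }
    }
}

function Find-AdrozekServices {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { ($NameStems -contains $_.Name) -or ($_.PathName -match $NamePattern) } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'Service'
                Name      = $_.Name
                Location  = $_.PathName
                Detail    = "State=$($_.State); StartMode=$($_.StartMode)"
            }
        }
}

function Find-AdrozekUninstallEntries {
    # The Apps & features list is built from these Uninstall keys.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object {
            ($NameStems -contains $_.DisplayName) -or
            ($_.UninstallString -and $_.UninstallString -match $NamePattern) -or
            ($_.DisplayIcon -and $_.DisplayIcon -match $NamePattern)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'UninstallEntry'
                Name      = $_.DisplayName
                Location  = $_.PSPath
                Detail    = $_.UninstallString
            }
        }
}

$findings = @(Find-AdrozekFiles) + @(Find-AdrozekServices) + @(Find-AdrozekUninstallEntries)
if ($findings.Count -eq 0) {
    Write-Host 'No Adrozek file, service or uninstall-entry indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Because the article notes that the samples are polymorphic, the script keys on names and locations rather than hashes; a hit on any one indicator is a prompt to pull the binary's signature status and service start mode (both reported in the Detail column) before deciding whether the machine needs a full investigation.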

However, just like any other malware, once installed, Adrozek makes changes to certain browser extensions. The Microsoft team noted this specifically on Google Chrome. It typically modifies the default “Chrome Media Router” extension. Similarly, on Microsoft Edge and Yandex Browser, it uses IDs of legitimate extensions, such as “Radioplayer”.

“Despite targeting different extensions on each browser, the malware adds the same malicious scripts to these extensions,” the Microsoft research team said in the blog post.

The malicious scripts let the attackers establish a connection to their server and fetch additional scripts that inject advertisements into search results.

“In the past, browser modifiers calculated the hashes like browsers do and update the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check,” the post said.

Adrozek is also capable of preventing browsers from updating to the latest versions by adding a policy that turns off updates. Additionally, it changes system settings to gain further control over the compromised device.
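A browser that silently stops updating is a durable foothold, so the update-policy change above is worth checking for directly. The PowerShell script below, added here as an example and not code from the article or from Microsoft, reads the documented updater-policy registry locations for Chrome, Edge and Firefox and reports any value that disables updates. The article does not say which policy Adrozek writes, so treating these locations as the place to look is this example's assumption; Yandex Browser is omitted because its policy location is not known to the author of this example.

```powershell
# Added example, not code from the article or from Microsoft. Reports whether a
# registry policy has turned off browser updates. The key/value names are the
# publicly documented updater policies for each browser; assuming Adrozek's
# "turn off updates" policy lands here is this example's assumption.

$UpdatePolicyChecks = @(
    # Google Update: UpdateDefault = 0 means updates are disabled.
    @{ Browser = 'Google Chrome';   Key = 'HKLM:\SOFTWARE\Policies\Google\Update';        Value = 'UpdateDefault';    DisabledWhen = 0 },
    # Edge Update uses the same value semantics as Google Update.
    @{ Browser = 'Microsoft Edge';  Key = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'; Value = 'UpdateDefault';    DisabledWhen = 0 },
    # Firefox enterprise policy: DisableAppUpdate = 1 turns off application updates.
    @{ Browser = 'Mozilla Firefox'; Key = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox';      Value = 'DisableAppUpdate'; DisabledWhen = 1 }
)

function Test-BrowserUpdatePolicies {
    foreach ($check in $UpdatePolicyChecks) {
        $keyExists = Test-Path -Path $check.Key
        $current   = $null
        if ($keyExists) {
            $props = Get-ItemProperty -Path $check.Key -ErrorAction SilentlyContinue
            if ($props -and ($props.PSObject.Properties.Name -contains $check.Value)) {
                $current = $props.($check.Value)
            }
        }
        $verdict = if (-not $keyExists)                  { 'No policy key (expected on an unmanaged PC)' }
                   elseif ($null -eq $current)           { 'Policy key present, update value not set' }
                   elseif ($current -eq $check.DisabledWhen) { 'UPDATES DISABLED BY POLICY' }
                   else                                  { "Update policy value is $current" }
        [pscustomobject]@{
            Browser = $check.Browser
            Key     = $check.Key
            Value   = $check.Value
            Current = $current
            Verdict = $verdict
        }
    }
}

Test-BrowserUpdatePolicies | Format-Table -AutoSize
```

On a home or unmanaged PC the policy keys normally do not exist at all, so even a key that is present with a benign value is a change somebody made deliberately. On a domain-joined machine the same value may be legitimate group policy, so compare the finding against what the administrators actually deploy before treating it as an infection indicator.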

There has been a heavy concentration of Adrozek in Europe, South Asia, and Southeast Asia, said the researchers. However, as the campaign is still active, it could expand to other geographies over time.

Microsoft recommends that users install an antivirus solution such as Microsoft Defender Antivirus, whose built-in endpoint protection uses behaviour-based, machine learning-powered detections to block malware families including Adrozek.

The scope of the campaign appears limited to Windows devices, as there are no findings showing any impact on macOS or Linux machines.

Earlier this year, Microsoft removed a number of extensions from its Edge Add-ons store that were injecting ads into Google and Bing search results. Google took similar action on the Chrome Web Store to stop attackers generating revenue by quietly pushing ads into search results. A malware campaign like Adrozek, however, calls for a tougher response than removing some extensions from web stores.
