New malware Adrozek is attacking Google Chrome, Firefox, other browsers: Report

Microsoft recommends that users run an antivirus solution such as Microsoft Defender, which offers endpoint protection, to block this malware.

Moneycontrol News
Dec 12, 2020 / 07:12 PM IST
A recent blog post from the Microsoft 365 Defender Research team warns readers about a new malware that has been attacking browsers such as Google Chrome, Firefox, Microsoft Edge, and Yandex.

The malware, dubbed Adrozek, is believed to have been active since May 2020, with the highest number of attacks reported in August 2020. It has been attacking browsers on over 30,000 devices daily on average.

As per the Microsoft report, Adrozek is most prevalent in Europe, South Asia, and Southeast Asia, but may spread to other geographies soon, as the campaign is still active.

Microsoft recommends that users run an antivirus solution such as Microsoft Defender, which offers endpoint protection, to block this malware.

What does the malware do?

As per the Microsoft 365 Defender Research blog, Adrozek’s main function is to direct users to affiliate pages, which it accomplishes by adding malicious browser extensions. The malware also changes users' browser settings to inject advertisements into webpages. It makes changes to the browsers' Dynamic Link Library (DLL) files. For instance, when targeting Microsoft Edge, it turns off MsEdge.dll, which is the security control of the browser.

The campaign, identified in 2020, is unusual in that it not only affects multiple browsers but also exfiltrates website credentials, which exposes users to additional risks. Adrozek can also prevent browsers from updating to their latest versions by inserting policies that turn off updates.

How does the malware work?

Adrozek is installed on a device through the “drive-by download” method. The Microsoft blog post explains: “When run, the installer drops an .exe file with a random file name in the %temp% folder. This file in turn drops the main payload in the Program Files folder using a file name that makes it look like a legitimate audio-related software. We have observed the malware use various names like Audiolava.exe, QuickAudio.exe, and converter.exe. The malware is installed like a usual program that can be accessed through Settings>Apps and features and registered as a service with the same name.”

When attacking Microsoft Edge and Yandex, Adrozek uses IDs of legitimate extensions, whereas, on Google Chrome, it modifies the browser’s default “Chrome Media Router” extension. The malware attacks different extensions on every browser but uses the same scripts to infect the extensions. This helps it connect the browser to the server and insert ads into search results.
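
The installation pattern quoted above (payload under Program Files, one of the reported file names, a service registered with the same name) can be turned into a triage check over a service inventory. The following is an added example, not code from Microsoft or from this article; the inventory format, the sample rows and the function names are assumptions made for illustration. Names such as converter.exe are generic, so a hit is a lead to investigate, and the indicator count ranks the leads.

```python
import ntpath
import re

# Payload file names quoted from the Microsoft post in this article.
OBSERVED_NAMES = {"audiolava.exe", "quickaudio.exe", "converter.exe"}
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)

# Constructed sample: (service name, ImagePath) pairs as a service inventory
# export might list them. None of these rows come from a real host.
SAMPLE_SERVICES = [
    ("QuickAudio", r'"C:\Program Files\QuickAudio\QuickAudio.exe"'),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ("converter", r"C:\Program Files (x86)\Conv\converter.exe -svc"),
    ("MediaTool", r"D:\Tools\Audiolava.exe"),
]


def binary_path(image_path):
    """Return the executable path from an ImagePath, dropping quotes and arguments."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', image_path, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else image_path.strip()


def triage(services):
    """List services whose binary carries a reported payload name.

    Each finding is (service name, binary path, reasons); more reasons means
    a closer match to the install pattern described in the quoted post.
    """
    findings = []
    for service, image_path in services:
        path = ntpath.normpath(binary_path(image_path))
        exe = ntpath.basename(path).lower()
        if exe not in OBSERVED_NAMES:
            continue
        reasons = ["file name reported for the payload"]
        if PROGRAM_FILES.match(path):
            reasons.append("installed under Program Files")
        # The post says the service is registered "with the same name".
        if service.lower() in (exe, exe[:-4]):
            reasons.append("service name matches the file name")
        findings.append((service, path, reasons))
    return findings


if __name__ == "__main__":
    for service, path, reasons in triage(SAMPLE_SERVICES):
        print(f"{service}: {path} -> {len(reasons)}/3 indicators: {'; '.join(reasons)}")
```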
first published: Dec 12, 2020 05:38 pm
