Microsoft warns of Adrozek infecting browsers

Microsoft has warned about the credential-stealing malware Adrozek, which affects all major browsers and at its peak infected as many as 30,000 devices every day.

On compromised computers, Adrozek injects ads into search engine results pages and can hijack Microsoft Edge, Google Chrome, Yandex Browser and Mozilla Firefox.

The malware uses scripts downloaded from servers controlled by the Adrozek operators to inject advertisements into the web pages viewed in the compromised browser.

Microsoft recommends that users who find this threat on their devices reinstall their browsers.

If Adrozek is not detected and blocked, it adds browser extensions, modifies a specific DLL for each browser and changes the browser settings so that additional, unauthorized ads are inserted into web pages.

Although Microsoft has not yet found evidence that Adrozek is being used to push malware onto victims' computers through its advertisements, this could happen at any time.

The attackers could easily infect their targets with additional malicious payloads, or sell their access to other cybercrime gangs.

For now, the Adrozek attackers operate the way other browser modifiers do: they earn money through affiliate advertising programs, which pay for referral traffic sent to specific websites.

The intended result is that users searching for particular keywords unintentionally click on these malware-inserted ads, which lead to the affiliated pages.

Hundreds of thousands of infected devices
In total, this ongoing campaign has so far used 159 domains and approximately 17,300 unique URLs, and between May and September 2020 it managed to infect hundreds of thousands of devices.

Because this massive campaign is still active and spreading to new computers every day, the Adrozek infrastructure keeps expanding and adding new domains. "The distribution infrastructure is also very dynamic," Microsoft said. "Some of the domains operated for a single day, while others were active for up to 120 days."

Interestingly, some of the domains also distribute clean files like Process , possibly an attempt by the attackers to improve the reputation of these domains and URLs and so evade network protection tools.

As the map of the malware's geographical distribution shows, Greece is heavily infected, as is the whole of Europe.

Adrozek features
Between May and September 2020, the attackers behind Adrozek infected their targets with a heavily obfuscated malicious executable, which is dropped in the computer's %temp% folder. This binary later installs the main malicious payload under Program Files, disguised as legitimate audio software.

Once installed on the device, Adrozek starts adding the malicious scripts it uses to insert ads into various extensions of each of the browsers.

The malware disables security settings in Microsoft Edge and other Chromium-based browsers, turns off safe browsing and enables the compromised extensions in incognito mode.

It also disables automatic browser updates, to make sure that the compromised browser components are not restored to a clean state.

Adrozek persists by adding registry entries and creating a new Windows service called "Main Service", which automatically starts the main malware payload when the system boots.

On systems where Mozilla Firefox is installed, Adrozek will also steal encrypted user credentials from victims' profiles.

Thus, while the malware's main purpose is to inject ads and refer traffic to specific sites, the attack chain includes sophisticated behaviour that lets the intruders gain a strong foothold on the device.
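The artefacts described in this section (the "Main Service" service, the dropper in %temp%, the payload under Program Files, the added browser extensions) can be triaged on a suspect host with a script like the following. It is an added example, not code from the article or from Microsoft; the only identifier it takes from the article is the service name, while the seven-day lookback window and the default Edge and Chrome profile paths are assumptions.

```powershell
# Added triage example (not from the article or Microsoft). Reports host artefacts that
# match the Adrozek behaviour described in the article so an analyst can review them;
# a hit is a lead to investigate, not a verdict. Only the service name "Main Service"
# comes from the article; the lookback window and profile paths are assumptions.
function Get-AdrozekIndicators {
    param([int]$LookbackDays = 7)   # assumed window, not stated in the article
    $since    = (Get-Date).AddDays(-$LookbackDays)
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Persistence: the article says Adrozek registers a service named "Main Service".
    Get-CimInstance -ClassName Win32_Service `
        -Filter "Name = 'Main Service' OR DisplayName = 'Main Service'" |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Check = 'Service'
                Detail = "$($_.Name): $($_.PathName) [start=$($_.StartMode)]" })
        }

    # 2. Dropper: executables recently written to %TEMP%, where the installer is dropped.
    Get-ChildItem -Path $env:TEMP -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        ForEach-Object { $findings.Add([pscustomobject]@{ Check = 'TempExecutable'; Detail = $_.FullName }) }

    # 3. Payload: new Program Files directories (the payload poses as audio software there).
    $programRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $programRoots) {
        Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -gt $since } |
            ForEach-Object { $findings.Add([pscustomobject]@{ Check = 'NewProgramDir'; Detail = $_.FullName }) }
    }

    # 4. Extensions: list the extension IDs installed in the default Edge and Chrome profiles
    #    (paths are assumptions) so they can be compared against the approved set.
    $extRoots = @(
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Extensions'),
        (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions')
    )
    foreach ($root in $extRoots) {
        if (Test-Path -LiteralPath $root) {
            Get-ChildItem -LiteralPath $root -Directory |
                ForEach-Object { $findings.Add([pscustomobject]@{ Check = 'Extension'; Detail = $_.FullName }) }
        }
    }
    return $findings
}

Get-AdrozekIndicators | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the suspect machine; an empty result for the service check does not rule out a compromise, since the other persistence mechanisms the article mentions (registry entries, the per-browser DLL change) are not covered here.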


Written by Dimitris
