That’s the big three of the browsing markets and Microsoft says each at risk from the “Adrozek” browser modifiers. Redmond security researchers say the modifier has been in use since May this year, placing ads directly into search results. While ad bombing would be annoying enough, these ads are even more nefarious. As you probably guessed, they are fake ads. If an unwitting user clicks one, they are redirected to websites that give attackers money based on traffic. Microsoft says by August more than 30,000 devices have been infiltrated by Adrozek. Because companies have become quite good at protecting browsers from front on malware attacks, threat actors are turning to tricking users. Whether its from infected apps or by fooling them into clicking something malicious online.
Sophisticated Attack
Using ads is part of the bad actor’s playbook and has been for years. However, Microsoft says Adrozek is a particularly nasty variant because it is more sophisticated. It is more persistent and harder to remove, while also having the ability to steal user credentials. In a blog post, Microsoft details exactly how Adrozek targets users on the most popular web browsers: “Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages.” The company also offers a visual representation of the attack chain (main image). Tip of the day If your system drive is constantly full and you need to free some space, you might want to try Windows 10 Disk Cleanup in extended mode. Our tutorial also shows you how to create a desktop shortcut to run this advanced method right from the desktop.