Adrozek threatens Chrome, Edge, Firefox and Yandex

Microsoft has raised the alarm in recent days: a new malware family has been spreading rapidly since May this year and puts users of browsers such as Edge, Chrome, Yandex and Firefox at serious risk. Apart from a few browsers with a small share (and Safari), the danger therefore appears to be quite widespread, and the numbers have prompted Microsoft to publish broader information on what this attack can do.

The scenario is not a new one: a malware that tries to infiltrate as many systems as possible in order to monetize its actions in the browser. This particular family, however, has characteristics that make its evolution especially insidious, and in fact the numbers were significant right from the start. Microsoft is now calling for significant preventive action, because this is the only way to truly stop the further spread of a malware which, once widespread, risks escalating into an even more serious and dangerous threat.

A threat called Adrozek

Microsoft explicitly speaks of a malware "family" because, under the name Adrozek, there is a very elaborate set of attacks whose common thread is the ability to modify specific DLLs, change browser settings and finally inject unauthorized advertisements into pages. The ultimate purpose appears to be precisely this: to monetize the "colonized" browser in order to earn income through advertising channels and affiliate programs.

How Adrozek works

The potential risk, not yet pursued for the moment, is use for even more serious fraudulent purposes (for example, the theft of credentials and personal data). The following is an example of what the malware can do once it has infiltrated the system:

Effects of Adrozek on the browser

The problem is hitting Europe particularly hard, through a system that starts from a network of 159 domains, each hosting an average of 17,300 different URLs, each of which serves different versions of the code (over 15 thousand unique versions identified). Overall, hundreds of thousands of installations have already been identified, presumably already representing a considerable volume of business.

The malware has particular persistence characteristics and an ability to "blend in" among browser extensions that make it especially insidious; for this reason Microsoft explains that it is working on its Defender Antivirus to identify the problem up front (for example by filtering specific dangerous URLs) before it can leave a mark on the system.
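The two behaviours described above (modified browser DLLs and settings, and an unauthorized extension hiding among legitimate ones) are both detectable from the defender's side by comparing the installed browser against a known-good baseline. The script below is an added example written for this page, not code from Microsoft's report or any browser vendor: it hashes every file in a browser install directory on a clean system, later re-hashes the tree to report modified, added or removed files, and checks a JSON preferences file against an allow-list of approved extension IDs. The file names, preferences layout, extension IDs and file contents are all constructed for the demonstration; the real files Adrozek touches are named in Microsoft's study, not on this page.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample: the names below stand in for a browser's install
# directory and its JSON preferences file. They are NOT the real file names
# Adrozek modifies (this page does not list them).
BROWSER_FILES = {
    "browser.exe": b"constructed browser executable bytes",
    "component_a.dll": b"constructed dll A v1",
    "component_b.dll": b"constructed dll B v1",
}
PREFS_BEFORE = {"homepage": "https://example.org/",
                "extensions": ["abcdefghijklmnopabcdefghijklmnop"]}
PREFS_AFTER = {"homepage": "https://example.org/",
               "extensions": ["abcdefghijklmnopabcdefghijklmnop",
                              "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"]}
# Allow-list of extension IDs approved for this fleet (constructed value).
ALLOWED_EXTENSIONS = {"abcdefghijklmnopabcdefghijklmnop"}


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(install_dir: Path) -> dict:
    """Record the SHA-256 of every file under the install directory (clean state)."""
    return {str(p.relative_to(install_dir)): sha256_file(p)
            for p in sorted(install_dir.rglob("*")) if p.is_file()}


def diff_baseline(install_dir: Path, baseline: dict) -> dict:
    """Compare the current tree with the baseline; report modified, added and removed files."""
    current = build_baseline(install_dir)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def unexpected_extensions(prefs: dict, allowed: set) -> list:
    """Extension IDs present in the preferences but absent from the allow-list."""
    return sorted(set(prefs.get("extensions", [])) - allowed)


def run_demo() -> tuple:
    """Baseline a constructed clean install, simulate an unauthorized DLL edit,
    a dropped-in DLL and a new extension entry, then detect all three."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "browser"
        install.mkdir()
        for name, data in BROWSER_FILES.items():
            (install / name).write_bytes(data)
        prefs_path = Path(tmp) / "Preferences"
        prefs_path.write_text(json.dumps(PREFS_BEFORE))

        baseline = build_baseline(install)  # taken on the known-good install

        # Simulated tampering (constructed): one DLL altered, one file added,
        # and an extra extension ID written into the preferences.
        (install / "component_b.dll").write_bytes(b"constructed dll B patched")
        (install / "helper.dll").write_bytes(b"constructed unexpected dll")
        prefs_path.write_text(json.dumps(PREFS_AFTER))

        changes = diff_baseline(install, baseline)
        rogue = unexpected_extensions(json.loads(prefs_path.read_text()), ALLOWED_EXTENSIONS)
    return changes, rogue


if __name__ == "__main__":
    changes, rogue = run_demo()
    print("Binary changes vs baseline:", changes)
    print("Extensions not on allow-list:", rogue)
```

In practice the baseline would be taken from a freshly installed browser (or from the vendor's published package hashes) and stored off the endpoint, and the comparison would run on a schedule or from an EDR agent; any modified or added file in the browser directory outside a vendor update window, like any extension ID outside the allow-list, is a signal worth triaging.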

All the details on the malware are described in Microsoft's dedicated study.
