Original Release Date: 12/17/2020
Researchers from Microsoft 365 Defender identified a malware campaign affecting Windows devices, dubbed Adrozek, which has been proliferating since May 2020. The malware affects popular browsers, including Microsoft Edge, Google Chrome, and Mozilla Firefox, and is used to collect fees from affiliates via advertisement services. The infection vector appears to be drive-by downloads in which the user clicks on one of the 159 identified domains, each hosting an average of 17,300 URLs. The malware payload uses a file name that makes it appear to be legitimate audio-related software, such as Audiolava.exe, QuickAudio.exe, and converter.exe. Adrozek makes several changes to the system and browser, and is then installed and registered as a Windows service for the purpose of installing illegitimate extensions. These extensions inject ads into search engine results and perform various other malicious actions, such as modifying security settings or scraping website login credentials. Adrozek is polymorphic, using hundreds of thousands of unique malware samples, rendering signature-based anti-virus protection ineffective. Researchers assess that over 30,000 devices were affected daily during the peak of the campaign in August. Though the abuse of affiliate programs by cybercriminals is not new, the number of browsers affected by this malware, coupled with the level of persistence, ferocity of proliferation, and various other malicious actions Adrozek is able to perform, greatly increases the dangers of this malware campaign.
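Because Adrozek registers itself as a Windows service and drops executables under audio-themed names, a first triage step on a suspected host is to list services whose binary matches those names or runs from outside the standard program directories. The script below is an added example, not code from the NJCCIC advisory or from Microsoft's report; it assumes only the three file names quoted above, and the trusted-root heuristic is a general assumption, not an Adrozek indicator.

```powershell
# Added triage check (not from the advisory): flag services whose binary name matches
# the audio-themed names quoted in the advisory, or whose binary lives outside the
# usual trusted roots. Assumption: those roots are Program Files, Program Files (x86)
# and the Windows directory; anything flagged is a lead for review, not a verdict.
$suspectNames = @('Audiolava.exe', 'QuickAudio.exe', 'converter.exe')  # names from the advisory
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ }  # drop empty entries on 32-bit hosts

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $path = $svc.PathName
    if (-not $path) { return }

    # Reduce "C:\path\to\bin.exe" -k args  or  C:\path\bin.exe args  to the executable path.
    $exe = $path -replace '^"([^"]+)".*$', '$1'
    if ($exe -eq $path) { $exe = $path -replace '^(\S+\.exe).*$', '$1' }
    $name = [System.IO.Path]::GetFileName($exe)

    $inTrusted = $false
    foreach ($root in $trustedRoots) {
        if ($exe -like "$root\*") { $inTrusted = $true; break }
    }

    $reason = $null
    if ($suspectNames -contains $name) { $reason = 'binary name matches advisory' }
    elseif (-not $inTrusted)           { $reason = 'binary outside trusted roots' }

    if ($reason) {
        [PSCustomObject]@{
            Service   = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Binary    = $exe
            Reason    = $reason
        }
    }
} | Format-Table -AutoSize
```

Services flagged only by the path heuristic will include legitimate third-party software installed under ProgramData or user profiles, so review the binary's publisher and creation time before acting on the result.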
The NJCCIC recommends users avoid downloading and installing software from untrusted sources or links on suspicious websites and only download software updates from the appropriate vendor. Users may also configure security software to automatically download and install updates, and consider enabling a behavior-based anti-virus program. If infection is suspected, we advise users to reinstall their browser. Technical details and indicators of compromise can be found in the Microsoft Security blog post, and additional reporting can be found in the Bleeping Computer article.