Electronic news service of the Ministry of Communications and Information Technologies
Microsoft discloses new Adrozek malware infecting Chrome, Edge and Firefox browsers with adware
Several web browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox, are affected by new malware designed to insert ads into search results and add malicious browser extensions. Microsoft discovered the Adrozek malware in May; it peaked in August, affecting more than 30,000 devices daily. The company said that Adrozek adds browser extensions, modifies a specific DLL for each target browser, changes browser settings, and inserts unauthorized ads into web pages, often on top of legitimate ads from search engines. Attackers make money through affiliate advertising programs that pay by the amount of traffic referred to sponsored affiliate pages. Adware is generally not considered a serious threat, but it can be dangerous because it can extract the user's location and credentials, and there is a risk of unauthorized access to personal information.
The company also explains that malware designed to insert ads into web browsers is not new. However, the range of browsers affected by Adrozek shows that the new malicious campaign is sophisticated. As mentioned earlier, the malware also allows an attacker to steal website credentials, which puts the affected device at additional risk. The company tracks 159 unique domains, each hosting an average of 17,300 unique URLs, and states that each domain hosts an average of over 15,300 different polymorphic malware samples. Countries most affected by this malware include India and countries in Western Europe.
According to a blog post by the Microsoft 365 Defender Research Team, Adrozek modifies some of the browser's DLL files, changing browser settings and disabling security features. The malware's changes turn off automatic security updates for the browser, allow malicious extensions to run without the proper permissions, and hide the extensions from the toolbar. “In the past, browser modifiers calculated hashes like browsers do and updated their secure settings accordingly. Adrozek goes one step further and patches the ability to invoke integrity checks. The 2-byte patch disables integrity checking, making browsers more vulnerable to hijacking and tampering.”
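A defender's check for the DLL tampering described above, as an added example that is not from Microsoft or the original article: it compares installed DLLs with known-good copies (for instance, taken from a fresh vendor installer) and reports each run of bytes that differs, so even a 2-byte patch is located. The directory layout, the file names `browser.dll` and `other.dll`, and the sample bytes are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def diff_runs(reference: bytes, suspect: bytes):
    """Return (offset, reference_bytes, suspect_bytes) per contiguous differing run."""
    runs, start = [], None
    end = min(len(reference), len(suspect))
    for i in range(end + 1):
        differs = i < end and reference[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, reference[start:i], suspect[start:i]))
            start = None
    return runs

def audit(reference_dir: Path, installed_dir: Path):
    """Compare each DLL in installed_dir with its same-named known-good copy."""
    findings = {}
    for ref in sorted(reference_dir.glob("*.dll")):
        installed = installed_dir / ref.name
        if not installed.is_file():
            findings[ref.name] = "missing"
            continue
        good, seen = ref.read_bytes(), installed.read_bytes()
        if hashlib.sha256(good).digest() != hashlib.sha256(seen).digest():
            findings[ref.name] = {"size_changed": len(good) != len(seen),
                                  "runs": diff_runs(good, seen)}
    return findings

def demo():
    """Constructed sample: stand-in 'DLLs', one with two bytes overwritten."""
    good = bytes(range(256)) * 16
    patched = bytearray(good)
    patched[0x5A0:0x5A2] = b"\xAA\xBB"  # constructed change, not Adrozek's real patch
    with tempfile.TemporaryDirectory() as tmp:
        ref_dir, inst_dir = Path(tmp, "reference"), Path(tmp, "installed")
        ref_dir.mkdir()
        inst_dir.mkdir()
        for name in ("browser.dll", "other.dll"):
            (ref_dir / name).write_bytes(good)
        (inst_dir / "browser.dll").write_bytes(bytes(patched))
        (inst_dir / "other.dll").write_bytes(good)
        return audit(ref_dir, inst_dir)

if __name__ == "__main__":
    print(demo())
```

A file that differs in a single short run while keeping its size is the pattern a small in-place patch leaves; legitimate browser updates replace whole files and change many bytes.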
At this time, the malware appears to affect devices running Windows, and there is no information about devices running macOS or Linux. Adrozek is installed on a device via drive-by downloads. According to Microsoft, users are advised to download Microsoft Defender Antivirus, the endpoint protection solution built into Windows 10, and use its behavior-based machine learning protection to block such threats. End users who find this threat on their device are advised to reinstall their browser, the company said.
14/12/20