The Microsoft Security Research Team recently reported (December 10) that a browser modifier malware it has named Adrozek has been widely observed in recent months. The malware affects multiple browsers, including Chrome, Edge, Firefox and Yandex Browser.
The attack works by modifying browser settings and DLL files so that unauthorized ads are injected into web pages, sometimes into result pages shown on popular search engines. These ads direct users to affiliated web pages, providing the attackers with substantial earnings from the traffic.
In some cases, credentials theft was also detected.
The malware is installed on the victim's device through a 'drive-by download', i.e. a file downloaded to the device without the user's intent or consent.
Mitigation
Keeping your browser up-to-date is always a recommended practice, especially in light of recent alerts regarding critical vulnerabilities in Chrome.
One of the changes Adrozek makes to the browser settings is adding a policy that turns off automatic updates, so that the browser cannot update and restore its security settings.
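As an added example (not code from the original post or from Microsoft's write-up), the following PowerShell audit lists machine-level browser update policies that would leave a browser unable to update. The registry paths and value names are the ones documented by Google, Microsoft and Mozilla for their update policies; the interpretation of which values mean "updates disabled" is an assumption taken from that documentation, and the exact registry changes Adrozek makes are not stated on this page.

```powershell
# Added example, not part of the original post: audit browser update policies
# that, when set, stop a browser from updating. Paths/value names are the
# vendors' documented policy locations (assumed current at time of writing).
$checks = @(
    @{ Browser = 'Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Update'
       Name = 'UpdateDefault';                BadValues = @(0) },   # 0 = updates disabled
    @{ Browser = 'Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Update'
       Name = 'AutoUpdateCheckPeriodMinutes'; BadValues = @(0) },   # 0 = never check
    @{ Browser = 'Edge';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'
       Name = 'UpdateDefault';                BadValues = @(0) },   # 0 = updates disabled
    @{ Browser = 'Firefox'; Path = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
       Name = 'DisableAppUpdate';             BadValues = @(1) }    # 1 = updates disabled
)

function Test-BrowserUpdatePolicy {
    param([hashtable[]]$Checks = $script:checks)
    foreach ($c in $Checks) {
        # A missing policy means the vendor default applies (updates on), so skip it.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $value = $item.($c.Name)
        [pscustomobject]@{
            Browser         = $c.Browser
            Policy          = "$($c.Path)\$($c.Name)"
            Value           = $value
            UpdatesDisabled = ($c.BadValues -contains $value)
        }
    }
}

# Report every update policy that is explicitly set; flagged rows deserve a look.
Test-BrowserUpdatePolicy | Format-Table -AutoSize
```

A flagged row is not proof of compromise on its own: compare it against the policies your organization deploys deliberately (for example through Group Policy) before treating it as tampering.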
Additionally, the use of the GateScanner browser extension could likely prevent such an attack altogether, since the extension intercepts any download through the browser and sends it to the GS engine for scanning before letting it pass through.