Adrozek Is A New Malware Strain With Big Plans. Microsoft recently issued a warning about an ongoing malware campaign. The malware, called Adrozek, seeks to install a browser-hijacking, credential-stealing malware strain onto as many PCs as possible.
Based on Microsoft’s analysis of the campaign, at its peak, it was able to infect more than 30,000 devices every single day.
Microsoft reported, “The Adrozek attackers…operate the way other browser modifiers do, which is to earn through affiliate ad programs, which pay for referral traffic to certain websites. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages.”
While it’s unclear who’s behind the campaign, it’s a group of hackers and not individuals. The campaign spans 159 domains that host an average of 17,300 URLs that have delivered more than fifteen thousand polymorphic malware samples infected devices between May through September of last year (2020).
Adrozek is a well-designed piece of code capable of slipping past many security measures and infecting Microsoft Edge and other Chromium-based browsers, along with Google Chrome and Mozilla Firefox browsers. Once installed, the malware will begin quietly installing browser extensions in the background and giving itself some persistence by adding new registry entries and creating a new Windows Service cryptically named “Main Service,” making it notoriously difficult to delete once Adrozek makes its way onto a target device.
The Adrozek malware strain’s main purpose seems to be to make money for its controllers via ads, making it a low-priority, non-urgent threat. That, however, could easily change any time the hackers felt so inclined.