Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Security Chrome Firefox IT

Microsoft Exposes Adrozek, Malware That Hijacks Chrome, Edge, and Firefox (zdnet.com) 17

Microsoft has raised the alarm today about a new malware strain that infects users' devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. From a report: Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day. But in a report today, the Microsoft 365 Defender Research Team believes the number of infected users is much, much higher. Microsoft researchers said that between May and September 2020, they observed "hundreds of thousands" of Adrozek detections all over the globe. Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia. Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software. The boobytrapped software installs the Androzek malware, which then proceeds to obtain reboot persistence with the help of a registry key.
This discussion has been archived. No new comments can be posted.

Microsoft Exposes Adrozek, Malware That Hijacks Chrome, Edge, and Firefox

Comments Filter:
  • by xack ( 5304745 ) on Thursday December 10, 2020 @02:41PM (#60816740)
    Which has been injecting ads into everything. The lastest being in your system tray and also blue screens of spam when you login. Microsoft just hates competition from malware.
  • From the article:

    Microsoft Defender Antivirus, the built-in endpoint protection solution on Windows 10, uses behavior-based, machine learning-powered detections to block Adrozek.

    If Windows Defender blocks Adrozek, why is it a thing?

    • by MrL0G1C ( 867445 )

      Indeed and:

      The boobytrapped software installs the Androzek malware, which then proceeds to obtain reboot persistence with the help of a registry key.

      Why do AV software keep allowing this kind of thing, there's a limited number of places that "reboot persistence" can exist so why not secure those places? If you look at "Autoruns" output then you can see everything that starts from all possible start-up points.

  • by oldgraybeard ( 2939809 ) on Thursday December 10, 2020 @03:03PM (#60816826)
    Microsoft products just keep coming and coming ;) life is good off the tracks.
  • by QuietLagoon ( 813062 ) on Thursday December 10, 2020 @03:38PM (#60816970)
    From the article... ""End users who find this threat on their devices are advised to re-install their browsers," Microsoft said today."
    How do "find" this threat on my browser?
    • It apparently show up as an extension you didn't install.

      • thx. I wish that were stated in bold in the article.... While I appreciate the in-depth reporting, once I read things like, you may have been infected, the first question that comes to mind is, how do I know if I have been infected. imo, that such explanation should b the second paragraph of any article about malware infections.
  • by Anonymous Coward

    which then proceeds to obtain reboot persistence with the help of a registry key

    What's a registry? I can't find one on my Linux system.

    • by HiThere ( 15173 )

      You aren't looking very carefully. A registry is the stuff that tells the system what application is supposed to open which files. Linux systems *do* have that. Well, most of them do, depending on which window manager you have installed. I think it was around Gnome 1.2 that this came in...I remember thinking that the shell automatically executing an activated file was dangerous....but it's *so* convenient. Just double-click on the file (depending on how your options are set) and the correct application

      • by tlhIngan ( 30335 )

        The registry is basically a hierarchical key-value store. That's it.

        There's lots of reasons why you'd want one - settings for example. usually they're stored in dozens of configuration files in various formats.

        Windows always had it (even in Windows 3.1), but everyone used INI files stored in WINDOWS directory instead. WIndows 95 consolidated this so all the system settings were also stored there.

        Most environments will have some form of registry these days because it's too useful a thing not to have - a gene

        • Windows always had it (even in Windows 3.1), but everyone used INI files stored in WINDOWS directory instead. WIndows 95 consolidated this so all the system settings were also stored there.

          Not really. Not only did a lot of that stuff still get stored in ini files in windows 95, but there are actually ini files in system directories in windows 7 as well. (And probably newer versions, but I don't have any newer versions of windows running here.)

  • ...shows that the kind of attack that just does not work on anything else but Windows is still an issue when they said they had fixed it ...

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...