Widespread Malware Campaign Affecting Chrome, Firefox, and Microsoft Edge

December 13, 2020


Cloudeight Malware Warning

Our mission is to help you with your computer and to help keep you safe. Yesterday, I read a post on one of Microsoft's security blogs that captured my attention.

Before we get started, if you’re using Emsisoft, you’re protected from this malware and its variants. 

In a report published last Thursday, December 10, Microsoft warned users of four major web browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, and Yandex Browser) that a widespread malware campaign affecting all four browsers is active around the globe.

According to the Microsoft 365 Defender Research Team's blog post:

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers—Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox—exposing the attackers’ intent to reach as many Internet users as possible.

We call this family of browser modifiers Adrozek. If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages.

Browser Malware (image from Microsoft)

Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats. However, the fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated. In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.

Such a sustained, far-reaching campaign requires an expansive, dynamic attacker infrastructure. We tracked 159 unique domains, each hosting an average of 17,300 unique URLs, which in turn host more than 15,300 unique, polymorphic malware samples on average. In total, from May to September 2020, we recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia. As this campaign is ongoing, this infrastructure is bound to expand even further…

You can read the entire Microsoft blog post here. 
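The Microsoft excerpt above names two persistent changes Adrozek makes on an infected PC: side-loaded browser extensions and a modified browser DLL. The script below is an added example written for this post to show how to check a Chromium-family browser (Chrome, Edge) for both; it is not Cloudeight's code and is not taken from Microsoft's write-up. It assumes the extension list is read from the profile's Secure Preferences file (for Chrome that is normally %LOCALAPPDATA%\Google\Chrome\User Data\Default\Secure Preferences, for Edge %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Secure Preferences), that Chromium's location code 5 marks a component extension shipped with the browser, and that you recorded SHA-256 hashes of the browser's DLLs from a known-good install as a baseline. The list of permissions it treats as risky and the sample data it runs on are constructed for illustration. Firefox keeps its add-ons in a different format and is not covered here.

```python
import hashlib
import os
import tempfile

# Permissions an ad injector needs to rewrite search result pages in place.
# Our own heuristic list, not taken from the Microsoft write-up.
RISKY_PERMISSIONS = {"webRequest", "webRequestBlocking", "<all_urls>", "scripting"}
# Chromium "location" code for extensions built into the browser (assumed
# from the Chromium source; the page does not state it).
COMPONENT_LOCATION = 5


def audit_extensions(secure_prefs: dict) -> list:
    """Return one finding per extension that was not installed from the
    Web Store and is not a browser component, i.e. was side-loaded.
    secure_prefs is the parsed JSON of a profile's Secure Preferences file."""
    findings = []
    settings = secure_prefs.get("extensions", {}).get("settings", {})
    for ext_id, ext in settings.items():
        if ext.get("from_webstore", False):
            continue  # store install: reviewed by the store, skip here
        if ext.get("location") == COMPONENT_LOCATION:
            continue  # shipped with the browser itself
        manifest = ext.get("manifest", {})
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                         "path": ext.get("path", "?"),
                         "risky_permissions": sorted(perms & RISKY_PERMISSIONS)})
    return findings


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def diff_against_baseline(install_dir: str, baseline: dict) -> dict:
    """Compare every .dll under install_dir with a {relative_path: sha256}
    baseline recorded from a known-good install. Returns
    {relative_path: "modified" | "missing" | "unexpected"}; an empty dict
    means every baselined DLL is present and unchanged."""
    result, seen = {}, set()
    for root, _dirs, files in os.walk(install_dir):
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            full = os.path.join(root, name)
            rel = os.path.relpath(full, install_dir).replace(os.sep, "/")
            seen.add(rel)
            if rel not in baseline:
                result[rel] = "unexpected"
            elif sha256_file(full) != baseline[rel]:
                result[rel] = "modified"
    for rel in baseline:
        if rel not in seen:
            result[rel] = "missing"
    return result


# Constructed sample of the extensions.settings block (not real data): a Web
# Store install, a browser component, and a side-loaded ad injector.
SAMPLE_SECURE_PREFS = {"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"from_webstore": True, "location": 1,
        "manifest": {"name": "Store Extension", "permissions": ["storage"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"from_webstore": False, "location": COMPONENT_LOCATION,
        "manifest": {"name": "Browser Component", "permissions": ["<all_urls>"]}},
    "cccccccccccccccccccccccccccccccc": {"from_webstore": False, "location": 3,
        "path": "C:\\ProgramData\\SearchHelper\\ext",   # hypothetical path
        "manifest": {"name": "Search Helper",
                     "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"]}},
}}}


def demo() -> tuple:
    """Run both checks on constructed data so the example works offline."""
    findings = audit_extensions(SAMPLE_SECURE_PREFS)
    with tempfile.TemporaryDirectory() as d:
        def write(name, body):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        write("good.dll", b"GOOD")          # known-good install: two DLLs...
        write("patched.dll", b"ORIGINAL")
        baseline = {n: sha256_file(os.path.join(d, n)) for n in ("good.dll", "patched.dll")}
        write("patched.dll", b"INJECTED")   # ...then one is rewritten in place
        write("dropped.dll", b"X")          # ...and a new one is dropped in
        diff = diff_against_baseline(d, baseline)
    return findings, diff


if __name__ == "__main__":
    findings, diff = demo()
    print("side-loaded extensions:", findings)
    print("DLL changes:", diff)
```

Run it as-is to see both checks on the constructed sample. To check a real profile, pass json.load() of the Secure Preferences file to audit_extensions and the browser's installation folder plus your saved baseline to diff_against_baseline. Treat a finding as a reason to look closer rather than a verdict: a Web Store install is not proof of safety, and the DLL diff only covers files you put in the baseline.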

Emsisoft protects against this malware threat.

11 thoughts on “Widespread Malware Campaign Affecting Chrome, Firefox, and Microsoft Edge”

  1. Gina

    Does this mean that we don’t have to worry as long as we don’t click on any ads?

    Reply
  2. JoninOz

    Thank you TC & Darcy,
    Fortunately I never click on ads.
    When I look for a genuine product I get the stinkin’ ads following me within a few seconds even when I open different sites.
    Users should be aware that Google et al have a small Ad indicator beside the sought site address.
    One has to scroll down the page to find genuine sites, “just sayin’” 🙄

    Reply
  3. SB

    My first thought is, how does this malware get on my computer – that’s not mentioned in the excerpt above. My second thought is, Gee, even Microsoft employees won’t use Bing, not even for a screenshot. 😂

    Reply
  4. Joyce Linsenmeyer

    Do antivirus protectors catch this? Or does it just get into your computer and infect you with their malware? I have Norton 360 and I am hoping it has something to catch this from infecting my computer. Thank you for alerting us about this.

    Reply
    1. infoave Post author

      We don’t use or recommend Norton – so I cannot answer this. You might want to check with Norton.

      Reply
  5. D.

    Hopefully, this is where your ad blockers will help you also, built in and as extensions. Keep your browsers and extensions updated.

    If you can see Ads they are easier to click on than you think.

    Reply
    1. infoave Post author

      Extensions and ad blockers won’t necessarily prevent this – it is installed via drive-by download, not necessarily requiring users to click on ads.

      Reply
  6. Paul

    So, it sounds like Emsisoft is not needed as Microsoft defender takes care of this one…

    Reply
    1. infoave Post author

      Microsoft Defender currently protects users from this exploit. The question is for how long Microsoft will maintain Microsoft Defender – and how long they will provide the resources required to provide top-tier protection to its users. Microsoft has done this before with Microsoft One Live and Microsoft Security Essentials — both of which started off offering decent protection and ended up with millions of users infected with Malware and PUPs when Microsoft abandoned these antivirus tools.

      Reply
  7. Marjorie

    Something has affected my Gmail too. Have not received daily Cloudeight this morning, as well as two or three other daily newsletters not being received.

    Reply
  8. Nora

    I’m so glad I’ve been using Emsisoft for the last 4 1/2 years and will continue to do so. Any problems or questions with Emsisoft their support team is AMAZING and they get back to you immediately. Well worth the small cost and confidence it provides.

    Ps: I’m not being paid to say this!

    Reply
