In May, Microsoft discovered malware named Adrozek that affected the Edge, Firefox, Chrome, and Yandex browsers. The malware peaked in August, affecting over 30,000 devices every day. If you think you are infected, or want to know whether you are a victim, read on. Here we explain what Adrozek malware does and how to stay protected from it.
What does Adrozek malware do?
Adrozek malware modifies web browsers like Chrome, Mozilla, Yandex, and Edge. Because these are the popular browsers, pretty much all devices across the world are at risk. Moreover, the malware is distributed via 159 malicious domains, and each domain hosts 17,300 distinct URLs. These domains are designed to bypass security tools that help detect threats.
To target a browser and alter its settings, Adrozek malware modifies a DLL per target browser and adds browser extensions. This helps attackers insert unauthorized ads into a web page and show them over real ads.
To make this succeed, the malware pauses security settings, allowing malicious extensions to run without any permissions while hiding in plain sight.
To understand this, please refer to the screenshot given below:
That is not all: Adrozek also allows attackers to read user credentials, thereby exposing all sensitive information.
Tip: In such a case, using a password manager like TweakPass can save your data from being exposed.
This password manager helps save usernames and passwords in a secure encrypted vault and generate complex random passwords.
Why Adrozek malware?
The main aim of Adrozek malware is to lead users to affiliate pages and serve them malware-inserted ads. Once this is done, the infection spreads silently and malicious browser extensions are added to the infected browser.
This malware campaign was identified in 2020.
New blog post: Attackers have been actively distributing Adrozek, an evolved browser modifier, at scale. At its peak, the threat was observed on >30K devices every day. The malware injects ads into search results pages and affects multiple browsers. https://t.co/s62oAYI3oc
— Microsoft Security Intelligence (@MsftSecIntel) December 10, 2020
Which countries are mostly affected by this virus?
India and western European countries are affected mostly.
What makes Adrozek different from earlier malware threats?
Unlike other malware infections, this threat gets installed on devices “through drive-by download”, and because of this the installer file uses a general format of setup_.exe. When the installer is run, it drops a .exe file with a random file name in a temporary folder; this file, in turn, adds the main payload to the Program Files folder. Once this is done, the payload might run under the names Audiolava.exe, QuickAudio.exe, or converter.exe.
Since the malware is installed like any other program, it is not easy for regular antivirus software to identify it.
Also, to make sure Adrozek stays for long, the malware prevents browsers from being updated to the latest versions: to turn off updates, the attackers add a policy. This additional change makes using an antivirus even more necessary.
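A quick triage sweep for the file names mentioned above, as an added example that is not from Microsoft or from the original post. It assumes the "setup_.exe" format means a setup_ prefix and .exe suffix with text elided in between, and that the usual Windows folder locations apply; the function names are hypothetical.

```python
import fnmatch
import os
import tempfile

# Payload names listed in the article. Legitimate software can share them
# (converter.exe especially), so a match is a lead to examine, not a verdict.
PAYLOAD_NAMES = {"audiolava.exe", "quickaudio.exe", "converter.exe"}
# Assumption: the article's "setup_.exe" has text elided between prefix and suffix.
INSTALLER_GLOB = "setup_*.exe"


def sweep(program_roots, download_roots):
    """Return sorted (kind, path) findings for files matching the article's names."""
    findings = []
    for kind, roots in (("payload", program_roots), ("installer", download_roots)):
        for root in roots:
            if not os.path.isdir(root):
                continue  # e.g. no "Program Files (x86)" on this host
            for dirpath, _dirs, files in os.walk(root):
                for name in files:
                    low = name.lower()  # Windows file names are case-insensitive
                    if kind == "payload":
                        hit = low in PAYLOAD_NAMES
                    else:
                        hit = fnmatch.fnmatchcase(low, INSTALLER_GLOB)
                    if hit:
                        findings.append((kind, os.path.join(dirpath, name)))
    return sorted(findings)


def default_roots():
    """Usual Windows locations read from environment variables (assumed layout)."""
    env = os.environ.get
    programs = [p for p in (env("ProgramFiles"), env("ProgramFiles(x86)")) if p]
    downloads = [tempfile.gettempdir()]  # the dropper stage lands in a temp folder
    if env("USERPROFILE"):
        downloads.append(os.path.join(env("USERPROFILE"), "Downloads"))
    return programs, downloads


if __name__ == "__main__":
    for kind, path in sweep(*default_roots()):
        print(f"[{kind}] {path}")
```

Payload names are only matched under the program folders and installer names only under the download and temp folders, which keeps noise down; any hit should still be confirmed by checking the file's signer and install date.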
How to stay protected from Adrozek
To stay protected, Microsoft suggests users install an antivirus solution.
For this, an antivirus that offers real-time protection, exploit protection, malware protection, and complete protection from all old and latest threats is recommended. Use Systweak Antivirus, a popular antivirus protection tool that helps you stay protected from Adrozek and other threats.
To learn more about it, read the complete review.
To use Systweak Antivirus, follow the steps below:
1. Download, install and run Systweak Antivirus.
2. Once done, click Scan Types and hit Deep Scan.
3. We recommend using it, as it is more thorough and scans the system for all types of infections.
4. Also, you can use the StopAll Ads browser extension added to Systweak Antivirus. This will help block unwanted ads too. This means you will have no unwanted ads and will be protected from all malware infections.
Having said that, since the scope of Adrozek is Windows, we recommend this Windows-specific tool. Also, as a precautionary measure, you should uninstall and then reinstall the web browsers you are using right now.
We hope this information helps you learn about Adrozek and stay protected. Give Systweak Antivirus a try for all-round protection from all latest and old threats. This security tool is amazing, and it helps to identify all types of threats.