
Beware Adrozek Malware

Following our blog about unwanted ads last weekend, I thought I would pass on a warning from Microsoft, which came out last Thursday.

A piece of malware called Adrozek is targeting major browsers such as Edge, Chrome and Firefox, and infections have been found all over the world.

It works by injecting its own advertisements into search result pages, where they look like legitimate results. If not blocked, Adrozek inserts advertisements into web pages and also disables browser security settings.

Microsoft warns that the malware is extremely difficult to find, as it uses 159 domains and many thousands of unique ads. This constant variation is known as polymorphism, and many antivirus solutions cannot identify it. Most of the ads contain affiliate links, which means that the attacker gets a payment each time a victim buys something after clicking on one of the advertisements.

Beware in particular if you use Firefox, as the malware also looks for stored, encrypted user credentials, decrypts them and passes them to the attacker.

Microsoft has provided example extension paths, including the extension IDs, for each browser, as shown in the table below:

Browser and example extension path:

Microsoft Edge: %localappdata%\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch
Google Chrome: %localappdata%\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm (might vary)
Mozilla Firefox: %appdata%\Roaming\Mozilla\Firefox\Profiles\<profile>\Extensions\{14553439-2741-4e9d-b474-784f336f58c9}
Yandex Browser: %localappdata%\Yandex\YandexBrowser\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch

Source: Microsoft
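As an added illustration (not code from the original post or from Microsoft), here is a PowerShell check that resolves the paths in the table above on a Windows machine and reports whether any of the listed extension folders exist. The paths and extension IDs are the ones quoted above; the function names, the output format and the handling of the per-user Firefox profile folder are assumptions for this example.

```powershell
# Added example: looks for the Adrozek extension paths Microsoft published.
# Function names and report format are assumed; paths and IDs come from the table.
function Get-AdrozekIndicatorPaths {
    # Chromium-based browsers: the extension folder name is fixed. Microsoft notes
    # the Chrome ID "might vary", so a miss there does not prove the machine is clean.
    $chromium = @(
        @{ Browser = 'Microsoft Edge'; Path = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch" },
        @{ Browser = 'Google Chrome';  Path = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" },
        @{ Browser = 'Yandex Browser'; Path = "$env:LOCALAPPDATA\Yandex\YandexBrowser\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch" }
    )

    # Firefox: %APPDATA% already resolves to ...\AppData\Roaming, so the "Roaming"
    # segment of the quoted path is not repeated. The profile folder name is random
    # per user, so every profile is checked. The trailing wildcard is an assumption
    # so that either an unpacked folder or a packaged .xpi with that ID is matched.
    $firefoxRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    $firefoxId   = '{14553439-2741-4e9d-b474-784f336f58c9}'
    $firefox = @()
    if (Test-Path -LiteralPath $firefoxRoot) {
        foreach ($profileDir in Get-ChildItem -LiteralPath $firefoxRoot -Directory) {
            $firefox += @{ Browser = 'Mozilla Firefox'; Path = Join-Path $profileDir.FullName "Extensions\$firefoxId*" }
        }
    }
    return $chromium + $firefox
}

function Test-AdrozekIndicators {
    # Returns one row per candidate path with a Found flag (read-only check,
    # nothing is modified or removed).
    $results = foreach ($entry in Get-AdrozekIndicatorPaths) {
        [pscustomobject]@{
            Browser = $entry.Browser
            Path    = $entry.Path
            Found   = [bool](Test-Path -Path $entry.Path)
        }
    }
    return $results
}

$report = Test-AdrozekIndicators
$report | Format-Table -AutoSize
if ($report | Where-Object Found) {
    Write-Warning 'Adrozek extension path present: treat the browser as compromised.'
} else {
    Write-Host 'No Adrozek extension paths found at the published locations.'
}
```

Run it in the account of the user whose browsers you are checking, since the paths live under that user's profile folders.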

If you find that you have been infected, one remedy is to uninstall and then reinstall the browser. If you need any help with that, please don't hesitate to give us a call on 01522 797512.

Diana

(Managing Director)