In a blog post, Microsoft has warned users about a group of cybercriminals who target popular web browsers, such as Google Chrome, Firefox and Microsoft Edge, with a malware family called Adrozek. It alters browser settings in order to inject ads into search results pages and, in some cases, also steals passwords and other login data.
What is Adrozek and How does It Work?
Adrozek is a malware family that targets Windows users. It is distributed through so-called drive-by downloads: when the browser loads one of the infected web pages, of which more than two million have been seen so far, the malware attempts to get past the browser's defences.
Adrozek also changes its code constantly (it is polymorphic) so that signature-based antivirus products do not recognise it, and it installs itself on the victim's computer disguised as an ordinary audio-related program. It specifically targets Microsoft Edge, Google Chrome, Firefox and Yandex Browser, the last of which is widely used in Russian-speaking countries.
Because Edge, Chrome and Yandex Browser all build on the open-source Chromium engine, other Chromium-based browsers such as Brave, Opera and Vivaldi could plausibly be affected in the same way, although they are not named as targets.
Adrozek modifies certain browser DLL files in order to change browser settings, disable browser security features and keep its unauthorised modifications from being detected. The changes the malware makes include the following:
- Disabling browser updates.
- Disabling file integrity checks.
- Disabling the Safe Browsing feature.
- Allowing its malicious extensions to run in incognito mode.
- Allowing extensions to run with permissions they were never properly granted.
- Hiding extensions from the toolbar.
- Changing the default browser home page.
- Changing the browser's default search engine.
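As an added example (this is not code from the original post or from Microsoft's report), the following Python triage script reads a Chromium-style Preferences JSON file and flags the kinds of changes listed above: Safe Browsing switched off, a changed home page or default search engine, extensions allowed in incognito or hidden from the toolbar, extensions holding API permissions their manifest never declared, and extensions loaded from outside the profile directory. The key names (safebrowsing.enabled, homepage, default_search_provider_data, and the per-extension incognito, browser_action_visible, granted_permissions, manifest and path fields under extensions.settings) mirror Chromium's preferences layout as I understand it and are assumptions to verify against the browser build in use; the trusted search host list, the expected home page and the sample Preferences file are all constructed for this example.

```python
"""Triage a Chromium-style Preferences file for the tampering listed above.
Added example; key names follow Chromium's Preferences layout as understood by
the author of this example (assumption, verify against your browser build).
The sample file at the bottom is constructed, not taken from a real infection."""
import json
from typing import Dict, List
from urllib.parse import urlparse

# Fleet baseline: assumed values, adjust to your environment.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com", "yandex.ru"}
EXPECTED_HOMEPAGE = "https://intranet.example.com/"


def _get(d, *keys, default=None):
    """Walk nested dict keys, returning default if any level is missing."""
    for k in keys:
        if not isinstance(d, dict) or k not in d:
            return default
        d = d[k]
    return d


def _is_absolute(path: str) -> bool:
    # Web-store extensions live under the profile with a relative path such as
    # "<id>\1.2_0"; an absolute path means the extension was sideloaded from
    # elsewhere on disk (heuristic).
    return ":" in path or path.startswith(("/", "\\"))


def audit_preferences(prefs: Dict, expected_homepage: str = EXPECTED_HOMEPAGE,
                      trusted_hosts=TRUSTED_SEARCH_HOSTS) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings: List[str] = []

    if _get(prefs, "safebrowsing", "enabled") is False:
        findings.append("safebrowsing.enabled is false")

    homepage = prefs.get("homepage")
    if homepage and homepage != expected_homepage:
        findings.append(f"homepage changed to {homepage}")

    # Template URLs look like https://host/search?q={searchTerms}; only the host matters here.
    search_url = _get(prefs, "default_search_provider_data", "template_url_data", "url", default="")
    host = urlparse(search_url).hostname or ""
    if host and host not in trusted_hosts:
        findings.append(f"default search provider points at {host}")

    for ext_id, s in _get(prefs, "extensions", "settings", default={}).items():
        if s.get("incognito"):
            findings.append(f"extension {ext_id} allowed to run in incognito")
        if s.get("browser_action_visible") is False:
            findings.append(f"extension {ext_id} hidden from toolbar")
        granted = set(_get(s, "granted_permissions", "api", default=[]))
        declared = set(_get(s, "manifest", "permissions", default=[]))
        extra = sorted(granted - declared)
        if extra:
            findings.append(f"extension {ext_id} holds API permissions its manifest never declared: {extra}")
        path = s.get("path", "")
        if _is_absolute(path):
            findings.append(f"extension {ext_id} loaded from outside the profile: {path}")
    return findings


def audit_json(text: str) -> List[str]:
    return audit_preferences(json.loads(text))


def audit_file(path: str) -> List[str]:
    # A real Chrome profile keeps this at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
    with open(path, encoding="utf-8") as fh:
        return audit_json(fh.read())


# Constructed sample: one clean web-store extension and one sideloaded, hidden,
# incognito-enabled extension with extra permissions, plus a swapped search engine.
SAMPLE_PREFS_JSON = r'''{
  "safebrowsing": {"enabled": false},
  "homepage": "http://search-deals.example/start",
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Search", "keyword": "search-deals.example",
      "url": "http://search-deals.example/s?q={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.2_0", "incognito": false,
        "browser_action_visible": true,
        "manifest": {"permissions": ["storage"]},
        "granted_permissions": {"api": ["storage"]}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "path": "C:\\Program Files\\QuickAudio\\ext", "incognito": true,
        "browser_action_visible": false,
        "manifest": {"permissions": ["storage"]},
        "granted_permissions": {"api": ["storage", "webRequest", "webRequestBlocking", "tabs"]}}}}
}'''


def audit_sample() -> List[str]:
    return audit_json(SAMPLE_PREFS_JSON)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

Run it against a copy of a profile's Preferences file rather than the live one, and remember that Chrome keeps extension settings in the neighbouring Secure Preferences file, which carries HMACs under its protection key, so do not hand-edit either file to "repair" an infection. Update and registry tampering, two of the other items on the list above, are not visible in this file and need a separate check.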
Together, these changes let the malware inject ads into search results pages, and its operators profit when users are steered toward those ads. A large number of strange-looking links in your search results, as in the images below, is a sign that you are infected.
It is worth noting that these links are not necessarily malicious in themselves, but the Adrozek operators are paid every time someone clicks on one of them.
How to remove or avoid the Adrozek malware:
Adware can usually be removed by resetting the browser from its settings, but Adrozek hides well inside the browser: it changes or impersonates legitimate extensions, turns off security protections, disables automatic updates and edits registry entries, so removing it takes considerably more effort.
You will need to:
- Completely uninstall the web browser you are using, along with every other Chromium-based browser on the machine.
- Run a full scan of the computer.
- Restart it and run the scanner again.
- Reinstall the browsers and import your saved bookmarks.
In general, to avoid infection by Adrozek or any other malware, keep your computer's web browsers up to date at all times.