Adrozek infects more than 30,000 devices every day

Microsoft has issued a warning about a new type of malware called Adrozek that can infect users' devices, steal data, hijack browsers, and change their settings to insert ads on search results pages.

The malware has been active since at least May 2020 and peaked in August of this year when it checked over 30,000 browsers per day.

Microsoft's research team estimates that the number of infected users is much higher. Microsoft researchers said that between May 2020 and September 2020 they found thousands of Adrozek infections worldwide.

The region with the most victims appears to be Europe, followed by Southeast Asia. The program can infiltrate Microsoft Edge, Google Chrome, Yandex Browser and Mozilla Firefox.

Microsoft said the malware is distributed via a classic download scheme: users are usually redirected from legitimate websites to suspicious domains, where they are tricked into installing the malware.

After installation, Adrozek searches the device for installed browsers. If a browser is found, it attempts to force the installation of an extension by changing the AppData folder.

Adrozek also changes some browser DLL files in order to change browser settings and deactivate browser security functions, so that its unauthorized changes are not recognized.

Changes made by the malware include the following:

  •     Turn off browser updates.
  •     Turn off file integrity checking.
  •     Turn off safe browsing.
  •     Register and activate the extension it added.
  •     Allow harmful plugins to run in stealth mode.
  •     Let the extension run without the correct permissions.
  •     Hide extension in toolbar.
  •     Change the default home page of the browser.
  •     Change the browser's default search engine.


These steps allow the malware to add ads to search result pages so that its operators can generate revenue by directing traffic to the ads.
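As an added example (not Microsoft's tooling and not part of the original article), the following Python code compares a browser settings snapshot against a known-good baseline and reports the kinds of changes listed above. The snapshot field names, extension ids and URLs are hypothetical and constructed for illustration; they are not a real browser preference format.

```python
# Added example: flag the settings changes listed above by diffing a current
# snapshot against a known-good baseline. All field names are hypothetical.
PROTECTIONS = {
    "updates_enabled": "browser updates",
    "integrity_check_enabled": "file integrity checking",
    "safe_browsing_enabled": "safe browsing",
}
PINNED = ("homepage", "default_search")

# Constructed sample data (not taken from a real infection).
APPROVED = {"enabled": True, "toolbar_visible": True, "stealth_mode": False}
BASELINE = {
    "updates_enabled": True, "integrity_check_enabled": True,
    "safe_browsing_enabled": True,
    "homepage": "https://start.example/",
    "default_search": "https://search.example/?q=%s",
    "extensions": {"ext-approved": APPROVED},
}
TAMPERED = {
    "updates_enabled": False, "integrity_check_enabled": False,
    # "safe_browsing_enabled" is missing: treated as turned off (fail closed).
    "homepage": "https://ads.example/",
    "default_search": "https://search.example/?q=%s",
    "extensions": {
        "ext-approved": APPROVED,
        "ext-unknown": {"enabled": True, "toolbar_visible": False,
                        "stealth_mode": True},
    },
}

def audit(baseline, current):
    """Return (item, finding) tuples for deviations from the baseline."""
    findings = []
    for key, label in PROTECTIONS.items():
        if baseline.get(key) and not current.get(key, False):
            findings.append((key, f"{label} turned off"))
    for key in PINNED:
        if current.get(key) != baseline.get(key):
            findings.append((key, f"changed to {current.get(key)!r}"))
    known = baseline.get("extensions", {})
    for ext_id, ext in current.get("extensions", {}).items():
        prev = known.get(ext_id, {})
        if ext_id not in known:
            findings.append((ext_id, "extension not in baseline"))
        if (ext.get("enabled") and not ext.get("toolbar_visible", True)
                and prev.get("toolbar_visible", True)):
            findings.append((ext_id, "active but hidden from toolbar"))
        if ext.get("stealth_mode") and not prev.get("stealth_mode"):
            findings.append((ext_id, "newly allowed in stealth mode"))
    return findings
```

Because the malware is described as disabling the browser's own integrity checks, a comparison like this is only meaningful when the baseline is stored and evaluated outside the browser profile being checked.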

Microsoft said that Adrozek includes accessibility features that work through Firefox, so that data is extracted from the browser and sent to the attacker's server.

As of May 2020, Microsoft has so far tracked 159 domains hosting Adrozek. Each domain hosts an average of 17,300 dynamically generated unique URLs, and each URL hosts more than 15,300 samples of dynamically generated malware.


