12 December 20, 09:08
Quote:A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft.
At its peak in August, Adrozek was observed on more than 30,000 devices each day, researchers found, affecting multiple browsers.
The Adrozek family of malware changes browser settings to allow it to insert fake ads over legitimate ones, which earns the scammers affiliate advertising dollars for each user they can trick into clicking.
Making Adrozek an even more dangerous threat, the malware extracts data from the infected device and sends it to a remote server to be used later; and, in some cases, it steals device credentials.
The extensive proliferation and persistence of Adrozek across the world, and its impact on several browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox and Yandex, represents a significant advancement in browser-modifier malware, researchers explained, in findings released on Dec. 10. New tools, the sheer size of the campaign’s infrastructure and the persistence of the malware once it infects a device has supercharged this bread-and-butter scam into a new age.
“This is a great example of how technically advanced modern attackers are,” Erich Kron, security awareness advocate at KnowBe4 told Threatpost by email. “While we often hear about data breaches and fraudulent wire transfers, campaigns like this quietly run in the background generating income by redirecting search results. In many cases, it’s likely that the advertisers are unaware that malware is being used to increase this traffic. The advertisers are losing money, as they are presenting ads to possibly uninterested people, while paying the cybercriminals.”
Read more: https://threatpost.com/adrozek-malware-f...es/162217/