Skip to main content

Adrozek Is A New Malware Strain With Big Plans

By December 21, 2020May 5th, 2022Cybersecurity

Microsoft recently issued a warning about an ongoing malware campaign they discovered. It seeks to install a new browser hijacking, credential stealing malware strain called Adrozek onto as many PCs as possible.

Based on Microsoft’s analysis of the campaign, at its peak, it was able to infect more than 30,000 devices every single day.

Microsoft had this to say about the malware on a recent blog post:

“The Adrozek attackers…operate the way other browser modifiers do, which is to earn through affiliate ad programs, which pay for referral traffic to certain websites. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages.”

While it’s unclear who’s behind the campaign, it’s obviously a group of hackers and not an individual. The campaign spans 159 domains that host an average of 17,300 URLs that have delivered more than fifteen thousand polymorphic malware samples. These have been delivered to infected devices between May through September of this year (2020).

It’s a well-designed piece of code capable of slipping past many security measures and infecting Microsoft Edge and other Chromium-based browsers, along with Google Chrome and Mozilla Firefox browsers. Once installed, it will begin quietly installing browser extensions in the background and give itself some persistence by adding new registry entries and creating a new Windows Service cryptically named “Main Service,” which makes it notoriously difficult to be rid of once it makes its way onto a target device.

If there’s a silver lining to be found, it lies in the fact that so far at least, the main purpose of this malware strain seems to be to make money for its controllers via ads, which makes it a low-priority, non-urgent threat. That, however, could easily change any time the hackers felt so inclined.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.