• ad-slinging malware infecting windows browsers

    From Big Bad Bob@21:1/5 to All on Fri Dec 11 04:18:39 2020
    https://www.theregister.com/2020/12/10/windows_malware_browsers/

    A windows-based browser exploit referred to as 'Adrozek' is plaguing
    windows web surfing victims with "an ongoing campaign to distribute
    malware that modifies web browsers to conduct credential theft and ad
    fraud".

    "Since at least May, 2020, unidentified cybercriminals have been
    distributing a family of browser modifiers dubbed Adrozek, Microsoft
    said. The code, which targets Google Chrome, Microsoft Edge, Mozilla
    Firefox, and Yandex Browser on Windows, mainly injects ads into search
    results pages."

    Apparently it edits content and injects advertisements, apparently over
    the top of legit ones, in browser search results. It also appears to
    modify a browser DLL (in windows, yeah) as well as browser settings.
    Apparently (in Firefox) it also acts as spyware, scanning for
    credentials, and sending what it finds to the attacker.

    "Microsoft said it has detected 159 unique domains, each hosting an
    average of 17,300 unique URLs that each host more than 15,300 unique,
    polymorphic malware samples on average. Its systems measured hundreds
    of thousands of contacts with Adrozek malware, mainly in Europe, South
    Asia, and Southeast Asia. And the campaign is ongoing."

    "This distribution system offers up software for download that unwitting victims run."

    So it appears you have to download an installer to become a victim...

    "The installer drops a randomly named .exe file that installs a primary
    payload disguised as legitimate audio software in the Windows Program
    Files folder. The installed code then makes changes to various browser
    components and settings to enable ad injection and credential theft."

    "Adrozek also attempts to alter browser DLLs, such as MsEdge.dll in
    Microsoft Edge so changes to the Secure Preferences file won't be
    noticed. In Chromium-based browsers, it modifies a security-related
    hash integrity check used to prevent tampering. It also adds a policy
    to prevent the browsers it subverts from being updated."

    MS says its Defender fixes this in Win-10-nic. But what about those of
    us who don't WANT Win-10-nic and use earlier versions? I expect
    Defender will still work, if it's still updating its virus info.

    But I say "practice safe surfing" and do NOT web surf if you run the
    browser on windows... PERIOD!!!


    Also, since an executable installer download is involved, I have to
    wonder what effect script blockers, ad blockers, and popup blockers have
    on this particular vulnerability...


    --
    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
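    A defender-side check for the two tampering signs the quoted article
    describes (a patched browser DLL such as MsEdge.dll, and a policy that
    blocks browser updates), added here as an example; it is not part of
    the post or the Register article. The install directories and policy
    registry paths are standard Windows locations assumed for this example,
    not values given in the post.

```powershell
# Added example (not from the post or the Register article): look for the two
# tampering signs the article describes, a modified browser DLL and a policy
# that blocks browser updates. Install directories and policy registry paths are
# standard Windows locations assumed here; the post does not name them.

function Test-BrowserDllSignatures {
    # Untouched vendor DLLs carry a valid Authenticode signature; a DLL whose
    # bytes were patched (the article names MsEdge.dll) fails with HashMismatch.
    $appDirs = @(
        "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
        "$env:ProgramFiles\Google\Chrome\Application",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application"
    )
    foreach ($dir in $appDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -Recurse -Include msedge.dll, chrome.dll -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    File     = $_.FullName
                    Status   = $sig.Status          # expect 'Valid'
                    Signer   = $sig.SignerCertificate.Subject
                    Modified = $_.LastWriteTime
                }
            }
    }
}

function Get-BrowserUpdatePolicies {
    # Policy keys are normally written only by Group Policy or management
    # software; on an unmanaged home PC their presence is itself a finding.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Google\Update',
        'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate',
        'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value }
        }
    }
}

Test-BrowserDllSignatures | Format-Table -AutoSize
Get-BrowserUpdatePolicies | Format-Table -AutoSize
```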