Adrozek gets paid by affiliate ad programs

Microsoft recently issued a warning about an ongoing malware campaign they discovered. It seeks to install a new browser hijacking, credential-stealing malware strain called Adrozek onto as many PCs as possible.

Based on Microsoft's analysis of the campaign, at its peak, it was able to infect more than 30,000 devices every single day.

Microsoft had this to say about the malware

"The Adrozek attackers...operate the way other browser modifiers do, which is to earn through affiliate ad programs, which pay for referral traffic to certain websites. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by the amount of traffic referred to sponsored affiliated pages."

While it's unclear who's behind the campaign, it's obviously a group of hackers and not an individual. The campaign spans 159 domains that host an average of 17,300 URLs that have delivered more than fifteen thousand polymorphic malware samples. These have been delivered to infected devices between May through September of this year (2020).

Aimed at Chromium-based and Firefox browsers 

It's a well-designed piece of code capable of slipping past many security measures and infecting Microsoft Edge and other Chromium-based browsers, along with Google Chrome and Mozilla Firefox browsers. Once installed, it will begin quietly installing browser extensions in the background and give itself some persistence by adding new registry entries and creating a new Windows Service cryptically named "Main Service," which makes it notoriously difficult to be rid of once it makes its way onto a target device.

Our perspective

If there's a silver lining to be found, it lies in the fact that so far at least, the main purpose of this malware strain seems to be to make money for its controllers via ads, which makes it a low-priority, non-urgent threat. That, however, could easily change any time the hackers felt so inclined.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find us on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing, work at home, and cybersecurity. I am working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association