Tag Archive for: firefox

Google Chrome, Firefox, Edge hijacked by massive malware attack: what you need to know

With the pandemic seismically shifting the way we work, there is an increasing dependence on digital connectivity in our day-to-day lives. 

As December rolls through to Christmas, Microsoft has reported that a sophisticated malware campaign has trained its sights on the major browsers: Mozilla Firefox, Microsoft Edge and Google Chrome are all affected, another link in the chain of cyber threats flourishing in the year of Covid-19.

While the technical detail runs deep, the malware shows itself in a few recognisable ways. Users who fall foul of it can expect unauthorized browser extensions to be added, malicious advertisements injected into their search results, scripts that harvest their personal credentials, and crucial browser security controls switched off through tampering with the browser's Dynamic-link Libraries (DLLs).

The Microsoft 365 Defender Research Team has issued a statement that does not play down the seriousness of the issue: it describes a 'persistent malware campaign' called Adrozek, a family of malicious browser modifiers which, if not identified and stopped, entrenches malicious ads in search results and lets the threat actors earn money through affiliate advertising.

These types of attacks are ambitious in scope, but by no means new. Browser modifiers were among the earliest underhand tactics of cyber criminals, and their reappearance is a sign that older methods are adapting to new digital environments.

Microsoft describes the malware as 'polymorphic' and dangerous but, more optimistically, preventable. Microsoft Defender Antivirus, built into Windows 10, uses behavior-based, machine-learning-driven detection to track and ultimately block Adrozek despite its shape-shifting. Of course, it must be switched on and kept current with the latest threat definitions through regular updates.

Looking beyond prevention, those unfortunate enough to have already been infected are advised to remove and reinstall their browsers completely. Microsoft has pointed users towards its malware guidance, which sets out best practice around cyber security.

Source…

Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox

[Figure: Adrozek attack chain (adrozek-attack-chain.png). Image: Microsoft]

Microsoft has raised the alarm today about a new malware strain that infects users’ devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages.

Named Adrozek, the malware has been active since at least May 2020 and peaked in August this year, when it was controlling more than 30,000 browsers each day.

In a report published today, however, the Microsoft 365 Defender Research Team says the total number of infected users is far higher: between May and September 2020, Microsoft researchers observed "hundreds of thousands" of Adrozek detections across the globe.

Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia.

[Figure: geographic distribution of Adrozek detections (adrozek-geographic-distribution.png). Image: Microsoft]

How Adrozek spreads and works

Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software.

The booby-trapped installer drops the Adrozek malware, which then obtains persistence across reboots with the help of a registry key.

Once persistence is assured, the malware will look for locally installed browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, or the Yandex Browser.

If any of these browsers are found on infected hosts, the malware will attempt to force-install an extension by modifying the browser’s AppData folders.

To stop the browser's own security features from noticing the unauthorized modification, Adrozek also patches some of the browsers' DLL files to change browser settings and disable security features.

Modifications performed by Adrozek include:

  • Disabling browser updates
  • Disabling file integrity checks
  • Disabling the Safe Browsing feature
  • Registering and activating the extension they added in a previous step
  • Allowing their malicious…
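The attack chain and the list of modifications above give a defender a concrete checklist. The PowerShell triage script below is an added example, not code from Microsoft or from either article: it surveys the places the report says Adrozek touches (autorun registry keys, the browser's own DLLs, per-profile extension folders, and update and Safe Browsing settings). Every path, registry key and preference name in it is an assumption chosen for illustration, not an indicator published on this page, so treat its output as leads to review rather than a verdict.

```powershell
# Added triage script (illustration; not Microsoft's or the article's code).
# All paths, registry keys and preference names are assumptions for illustration.
# Run in an elevated PowerShell as the affected user and review the output.

$ErrorActionPreference = 'SilentlyContinue'

# Persistence: autorun entries for machine and current user (assumed locations).
function Get-AutorunEntries {
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata members
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Tampered binaries: any DLL under an (assumed) browser install directory whose
# Authenticode signature is no longer valid. A vendor DLL patched on disk fails here.
function Get-UnsignedBrowserDlls {
    $dirs = "$env:ProgramFiles\Google\Chrome\Application",
            "${env:ProgramFiles(x86)}\Google\Chrome\Application",
            "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
            "$env:ProgramFiles\Mozilla Firefox",
            "$env:LOCALAPPDATA\Yandex\YandexBrowser\Application"
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($dll in Get-ChildItem -Path $dir -Filter *.dll -Recurse -File) {
            $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
            if ($sig.Status -ne 'Valid') {
                [PSCustomObject]@{ File = $dll.FullName; Status = $sig.Status
                                   Signer = $sig.SignerCertificate.Subject }
            }
        }
    }
}

# Side-loaded extensions: everything present in Chromium-style profile folders
# (User Data\<profile>\Extensions\<id>\<version>\manifest.json) plus Firefox .xpi
# files, with the manifest name so unfamiliar entries stand out.
function Get-BrowserExtensions {
    $userData = "$env:LOCALAPPDATA\Google\Chrome\User Data",
                "$env:LOCALAPPDATA\Microsoft\Edge\User Data",
                "$env:LOCALAPPDATA\Yandex\YandexBrowser\User Data"
    foreach ($ud in $userData) {
        if (-not (Test-Path $ud)) { continue }
        foreach ($profile in Get-ChildItem -Path $ud -Directory) {
            $extRoot = Join-Path $profile.FullName 'Extensions'
            if (-not (Test-Path $extRoot)) { continue }
            foreach ($ext in Get-ChildItem -Path $extRoot -Directory) {
                $manifest = Get-ChildItem -Path $ext.FullName -Filter manifest.json -Recurse -File |
                            Select-Object -First 1
                $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name }
                [PSCustomObject]@{ Browser = $ud; Profile = $profile.Name; ExtensionId = $ext.Name; Name = $name }
            }
        }
    }
    $ffProfiles = "$env:APPDATA\Mozilla\Firefox\Profiles"   # assumed Firefox location
    if (Test-Path $ffProfiles) {
        foreach ($xpi in Get-ChildItem -Path $ffProfiles -Filter *.xpi -Recurse -File) {
            [PSCustomObject]@{ Browser = 'Firefox'; Profile = $xpi.Directory.Parent.Name
                               ExtensionId = $xpi.BaseName; Name = $null }
        }
    }
}

# Protection settings: policy values that can switch off updates and Safe Browsing
# (assumed key/value names) and the Safe Browsing flag in Chrome's Preferences file.
function Get-BrowserProtectionSettings {
    $policies = @(
        @{ Path = 'HKLM:\Software\Policies\Google\Update';        Name = 'UpdateDefault' },
        @{ Path = 'HKLM:\Software\Policies\Google\Chrome';        Name = 'SafeBrowsingProtectionLevel' },
        @{ Path = 'HKLM:\Software\Policies\Google\Chrome';        Name = 'SafeBrowsingEnabled' },
        @{ Path = 'HKLM:\Software\Policies\Microsoft\EdgeUpdate'; Name = 'UpdateDefault' },
        @{ Path = 'HKLM:\Software\Policies\Microsoft\Edge';       Name = 'SmartScreenEnabled' }
    )
    foreach ($pol in $policies) {
        $val = (Get-ItemProperty -Path $pol.Path -Name $pol.Name).($pol.Name)
        if ($null -ne $val) {
            [PSCustomObject]@{ Source = "$($pol.Path)\$($pol.Name)"; Value = $val }
        }
    }
    $chromeData = "$env:LOCALAPPDATA\Google\Chrome\User Data"
    if (Test-Path $chromeData) {
        foreach ($file in Get-ChildItem -Path $chromeData -Filter Preferences -Recurse -File -Depth 1) {
            $json = Get-Content $file.FullName -Raw | ConvertFrom-Json
            [PSCustomObject]@{ Source = $file.FullName; Value = "safebrowsing.enabled=$($json.safebrowsing.enabled)" }
        }
    }
}

'== Autorun entries =='                        ; Get-AutorunEntries            | Format-Table -AutoSize
'== Browser DLLs failing signature check =='   ; Get-UnsignedBrowserDlls       | Format-Table -AutoSize
'== Installed browser extensions =='           ; Get-BrowserExtensions         | Format-Table -AutoSize
'== Update / Safe Browsing settings =='        ; Get-BrowserProtectionSettings | Format-Table -AutoSize
```

The signature check is the most decisive of the four: a vendor-shipped browser DLL should always carry a valid Authenticode signature, so any file reported with a status other than Valid deserves a hash comparison against a clean install. The other sections are noisier by design; an autorun entry, an extension or a policy value is only suspicious when you cannot account for it, and an empty policy section simply means no policy has been written, not that the browser's defaults are intact.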

Source…

Becoming Anonymous: The Complete Guide To Maximum Security Online