Microsoft has reported a ‘shapeshifting’ variant of a well-known malware strain that attacks browsers to embed malicious ads
With the pandemic seismically shifting the way we work, there is an increasing dependence on digital connectivity in our day-to-day lives.
As December rolls through to Christmas, Microsoft has now reported that a sophisticated set of malware attacks has trained its sights on the big browsers: Mozilla Firefox, Microsoft Edge, and Google Chrome are all caught up in the exploit. It is another link in the chain of cyber threats flourishing in the year of Covid-19.
While the technical detail runs deep, the malware commonly presents through a number of attack avenues. Web users who fall foul can expect unauthorised browser extensions to be added, advertisements in their search results that carry malicious scripts automating the theft of personal credentials, and even the complete shutdown of crucial security controls by affecting dynamic-link libraries (DLLs).
The Microsoft 365 Defender Research Team has issued a statement that certainly doesn’t play down the seriousness of the issue. It refers to a ‘persistent malware campaign’ called Adrozek, a family of malicious browser modifiers that, if not identified and stopped, can entrench malicious ads, allowing the threat actors to earn money via affiliate advertising.
These types of attacks are ambitious in scope, but by no means new. Browser modifiers represent some of the earliest underhand tactics of cyber criminals – a sign that older methods of stealing personal credentials are increasingly adapting to new digital environments.
Microsoft labels these ‘polymorphic’ attacks as dangerous but, optimistically, they are preventable. The Windows 10 proprietary Microsoft Defender Antivirus uses behaviour-centric, machine learning-fuelled detection capabilities to pursue and ultimately block Adrozek, despite its shapeshifting abilities. Of course, it must be switched on and kept attuned to the latest threats through regular updating.
Looking beyond prevention, those who are unfortunate enough to have already been infected with the malware are advised to completely overhaul and reinstall their browsers. Microsoft has steered users towards its malware literature, which details best practices around cybersecurity.