Experts Reaction On 4 Major Browsers Are Getting Hit In Widespread Malware Attacks

According to Microsoft, a persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers—Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox—exposing the attackers’ intent to reach as many Internet users as possible.

Microsoft Report: https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/; More information: https://arstechnica.com/information-technology/2020/12/ongoing-malware-attacks-are-hitting-users-of-4-major-browsers/

Experts Comments

December 14, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Microsoft didn't specify what interactions are required for Adrozek infections to occur, so it's difficult to give practical advice on how to prevent it. Microsoft mentions that infections occur through "drive by downloads", which is not very specific. That being said, a lot of drive-by downloads occur through malicious scripts, so a script blocker extension like NoScript could help protect your browser. Don't click on links or attachments in unsolicited emails, messages, or advertisements......Read More
Microsoft didn't specify what interactions are required for Adrozek infections to occur, so it's difficult to give practical advice on how to prevent it. Microsoft mentions that infections occur through "drive by downloads", which is not very specific. That being said, a lot of drive-by downloads occur through malicious scripts, so a script blocker extension like NoScript could help protect your browser. Don't click on links or attachments in unsolicited emails, messages, or advertisements. Although Adrozek is mainly used for adware, its sophisticated capabilities mean it could be modified for much more serious attacks. If you think you're infected, uninstall and reinstall your web browser and run an antivirus scan. Uninstall the malicious programs or perform a system restore. If you're using Firefox, you should also change all the passwords stored in your browser.  Read Less
December 14, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Unfortunately, we don't know what, if any, user actions are required to enable these infections. However, I can't stress enough to users to never install an app or extension simply because a website informs you that your machine needs an update to Flash Player or some other app, extension, or plug-in. It appears that since this malicious payload is in a ".exe" file, only Windows users are affected. This makes sense, as macOS and Linux users amount to only a fraction of the numbers of Windows.....Read More
Unfortunately, we don't know what, if any, user actions are required to enable these infections. However, I can't stress enough to users to never install an app or extension simply because a website informs you that your machine needs an update to Flash Player or some other app, extension, or plug-in. It appears that since this malicious payload is in a ".exe" file, only Windows users are affected. This makes sense, as macOS and Linux users amount to only a fraction of the numbers of Windows users. However, this doesn't make it any less important for Mac and Linux users to not follow safe computing guidelines such as I mentioned above.  Read Less
December 14, 2020
Erich Kron
Security Awareness Advocate
KnowBe4
This is a great example of how technically advanced modern attackers are. While we often hear about data breaches and fraudulent wire transfers, campaigns like this quietly run in the background generating income by redirecting search results. In many cases, it’s likely that the advertisers are unaware that malware is being used to increase this traffic. The advertisers are losing money, as they are presenting ads to possibly uninterested people, while paying the cybercriminals. The addition .....Read More
This is a great example of how technically advanced modern attackers are. While we often hear about data breaches and fraudulent wire transfers, campaigns like this quietly run in the background generating income by redirecting search results. In many cases, it’s likely that the advertisers are unaware that malware is being used to increase this traffic. The advertisers are losing money, as they are presenting ads to possibly uninterested people, while paying the cybercriminals. The addition of credential theft from the Firefox browser is a valuable tool. Attackers love to have access to usernames and passwords that they will then use in credential stuffing attacks on other accounts such as banking or shopping websites. These are successful because people often reuse the same password for many different accounts. To defend against this, users need to be educated about the dangers of installing software from untrusted websites, and the importance of password hygiene, including not reusing them across accounts.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts