London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

Microsoft Warns 'Adrozek' Malware is Infecting Thousands of PCs to Insert Ads

Microsoft Warns 'Adrozek' Malware is Infecting Thousands of PCs to Insert Ads

'We recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,' Microsoft said.

A new malware strain has been spreading to hundreds of thousands of Windows PCs in an effort to inject unauthorized ads into users’ search results, according to Microsoft.

The company has been tracking "Adrozek," a malware family capable of modifying multiple browsers including Google’s Chrome, Microsoft’s Edge and Mozilla’s Firefox in order to insert the ads into search result pages.

“At its peak in August, the threat was observed on over 30,000 devices every day,” Microsoft warned in a blog post on Thursday.

Inserting the ads into your search results is certainly annoying. But the real threat is how the malware can also steal login credentials from the Firefox browser, and potentially give hackers a launching pad for more damaging crimes.

Adrozek works by modifying a browser’s Dynamic Link Libraries or DLL files to change the settings, including turning off the security safeguards and the automatic updates. The result can place links to ads alongside legitimate ads, as the example below shows.



“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages,” Microsoft said. “The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages.”

To deliver the malware, the hackers have been resorting to drive-by downloads. This can occur when a user clicks on a malicious link or visits a website that’s been tampered with. The PC will trigger the malware to download, which can sometimes install itself on the computer by exploiting a software vulnerability.

Hence, it’s a good idea to always keep your browser up to date. In other cases, the user will install the malware from a drive-by download, believing it to be a safe program.



In this case, Adrozek will drop an .exe file in the PC’s “temp” folder. The .exe file will then deliver the main malware payload in the “Programs Files” folder using a file name such as “Audiolava.exe, QuickAudio.exe, and converter.exe,” Microsoft said.

The company tracked Adrozek’s distribution to 159 unique domains, which hosted tens of thousands of URLs to try and spread the malware.

“In total, from May to September 2020, we recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,” Microsoft added. “As this campaign is ongoing, this infrastructure is bound to expand even further.



Although the malware is so far aimed at inserting unauthorized ads, Microsoft is concerned Adrozek could one day be used for more malicious crimes, such as redirecting users to scam websites. The good news is that the company’s built-in Windows Defender antivirus can detect and block Adrozek.

“End users who find this threat on their devices are advised to re-install their browsers,” the company added.


Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×