London Daily

Focus on the big picture.
Saturday, May 31, 2025

Microsoft Warns 'Adrozek' Malware is Infecting Thousands of PCs to Insert Ads

Microsoft Warns 'Adrozek' Malware is Infecting Thousands of PCs to Insert Ads

'We recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,' Microsoft said.

A new malware strain has been spreading to hundreds of thousands of Windows PCs in an effort to inject unauthorized ads into users’ search results, according to Microsoft.

The company has been tracking "Adrozek," a malware family capable of modifying multiple browsers including Google’s Chrome, Microsoft’s Edge and Mozilla’s Firefox in order to insert the ads into search result pages.

“At its peak in August, the threat was observed on over 30,000 devices every day,” Microsoft warned in a blog post on Thursday.

Inserting the ads into your search results is certainly annoying. But the real threat is how the malware can also steal login credentials from the Firefox browser, and potentially give hackers a launching pad for more damaging crimes.

Adrozek works by modifying a browser’s Dynamic Link Libraries or DLL files to change the settings, including turning off the security safeguards and the automatic updates. The result can place links to ads alongside legitimate ads, as the example below shows.



“The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages,” Microsoft said. “The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages.”

To deliver the malware, the hackers have been resorting to drive-by downloads. This can occur when a user clicks on a malicious link or visits a website that’s been tampered with. The PC will trigger the malware to download, which can sometimes install itself on the computer by exploiting a software vulnerability.

Hence, it’s a good idea to always keep your browser up to date. In other cases, the user will install the malware from a drive-by download, believing it to be a safe program.



In this case, Adrozek will drop an .exe file in the PC’s “temp” folder. The .exe file will then deliver the main malware payload in the “Programs Files” folder using a file name such as “Audiolava.exe, QuickAudio.exe, and converter.exe,” Microsoft said.

The company tracked Adrozek’s distribution to 159 unique domains, which hosted tens of thousands of URLs to try and spread the malware.

“In total, from May to September 2020, we recorded hundreds of thousands of encounters of the Adrozek malware across the globe, with heavy concentration in Europe and in South Asia and Southeast Asia,” Microsoft added. “As this campaign is ongoing, this infrastructure is bound to expand even further.



Although the malware is so far aimed at inserting unauthorized ads, Microsoft is concerned Adrozek could one day be used for more malicious crimes, such as redirecting users to scam websites. The good news is that the company’s built-in Windows Defender antivirus can detect and block Adrozek.

“End users who find this threat on their devices are advised to re-install their browsers,” the company added.


Newsletter

Related Articles

0:00
0:00
Close
Satirical Sketch Sparks Political Spouse Feud in South Korea
Indonesia Quarry Collapse Leaves Multiple Dead and Missing
South Korean Election Video Pulled Amid Misogyny Outcry
Asian Economies Shift Away from US Dollar Amid Trade Tensions
Netflix Investigates Allegations of On-Set Mistreatment in K-Drama Production
US Defence Chief Reaffirms Strong Ties with Singapore Amid Regional Tensions
Vietnam Faces Strategic Dilemma Over China's Mekong River Projects
Malaysia's First AI Preacher Sparks Debate on Islamic Principles
White House Press Secretary Criticizes Harvard Funding, Advocates for Vocational Training
France to Implement Nationwide Smoking Ban in Outdoor Spaces Frequented by Children
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
Russia's Fossil Fuel Revenues Approach €900 Billion Since Ukraine Invasion
U.S. Justice Department Reduces American Bar Association's Role in Judicial Nominations
U.S. Department of Energy Unveils 'Doudna' Supercomputer to Advance AI Research
U.S. SEC Dismisses Lawsuit Against Binance Amid Regulatory Shift
Alcohol Industry Faces Increased Scrutiny Amid Health Concerns
Italy Faces Population Decline Amid Youth Emigration
U.S. Goods Imports Plunge Nearly 20% Amid Tariff Disruptions
OpenAI Faces Competition from Cheaper AI Rivals
Foreign Tax Provision in U.S. Budget Bill Alarms Investors
Trump Accuses China of Violating Trade Agreement
Gerry Adams Wins Libel Case Against BBC
Russia Accuses Serbia of Supplying Arms to Ukraine
EU Central Bank Pushes to Replace US Dollar with Euro as World’s Main Currency
Chinese Woman Dies After Being Forced to Visit Bank Despite Critical Illness
President Trump Grants Full Pardons to Reality TV Stars Todd and Julie Chrisley
Texas Enacts App Store Accountability Act Mandating Age Verification
U.S. Health Secretary Ends Select COVID-19 Vaccine Recommendations
Vatican Calls for Sustainable Tourism in 2025 Message
Trump Warns Putin Is 'Playing with Fire' Amid Escalating Ukraine Conflict
India and Pakistan Engage Trump-Linked Lobbyists to Influence U.S. Policy
U.S. Halts New Student Visa Interviews Amid Enhanced Security Measures
Trump Administration Cancels $100 Million in Federal Contracts with Harvard
SpaceX Starship Test Flight Ends in Failure, Mars Mission Timeline Uncertain
King Charles Affirms Canadian Sovereignty Amid U.S. Statehood Pressure
Trump Threatens 25% Tariff on iPhones Amid Dispute with Apple CEO
Putin's Helicopter Reportedly Targeted by Ukrainian Drones
Liverpool Car Ramming Incident Leaves Multiple Injured
Australia Faces Immigration Debate Following Labor Party Victory
Iranian Revolutionary Guard Founder Warns Against Trusting Regime in Nuclear Talks
Macron Dismisses Viral Video of Wife's Gesture as Playful Banter
Cleveland Clinic Study Questions Effectiveness of Recent Flu Vaccine
Netanyahu Accuses Starmer of Siding with Hamas
Junior Doctors Threaten Strike Over 4% Pay Offer
Labour MPs Urge Chancellor to Tax Wealthy Over Cutting Welfare
Publication of UK Child Poverty Strategy Delayed Until Autumn
France Detains UK Fishing Vessel Amid Post-Brexit Tensions
Calls Grow to Resume Syrian Asylum Claims in UK
Nigel Farage Pledges to Reinstate Winter Fuel Payments
Boris and Carrie Johnson Welcome Daughter Poppy
×