An active threat
If you get nonsense links in the search results of Google and other search engines, your browser may be infected with a dangerous trojan called Adrozek.
Earlier this month, Adrozek was described by the Microsoft 365 Defender Research Team (Microsoft.com). The team described how this trojan infects computers and breaks web browsers before flooding webpages with disguised advertisements.
Adrozek, which has been around since at least May of 2020, was seen on tens of thousands of devices each day. It is a sophisticated threat that uses hundreds of domains to spread hundreds of thousands of unique Adrozek files. This is an active campaign that is potentially dangerous right now.
Because Adrozek uses so many different domains and so many different infection files, it can’t be blocked easily. Antivirus programs have to rely on behavioral (heuristic) analysis to catch this trojan, which means that the detections aren’t very specific.
Malware hidden in browser files
Not knowing what the malware is can make it hard for the victims to know how to remove Adrozek. But, in a way, the problem is obvious – the victim’s browser is infected:
- it shows nonsensical internet search results that lead to irrelevant sites,
- it randomly reloads sites without the user’s prompting,
- new browser features are missing,
- login details are stolen, online accounts get hacked.
Usually, such problems are caused by malicious browser extensions. But Adrozek is much more dangerous than that – and much more persistent.
Adrozek infects default extensions with malicious scripts. In addition, it changes core browser files in order to disable automatic updates and security checks.
This allows Adrozek to remain installed, but it also makes the infected browser vulnerable to other infections. After all, exploit kits often rely on vulnerabilities in outdated software to infect computers with malware.
Because Adrozek essentially breaks web browsers, they need to be reinstalled to get rid of this adware. Additional malware scans and password resets can also be helpful.
How to protect your device
Having to reinstall your browser to get rid of the Adrozek trojan is certainly an inconvenience. It would be good to avoid such infections.
One important thing to remember is to be very careful when downloading and installing software.
Adrozek and other infections tend to trick their victims into downloading and installing them. Malicious ads spread fake download links. Malware is disguised as useful files.
Malicious files can also arrive on computers hidden inside the installers of other programs. Pirating presents a risk of downloading such infected files.
Still, Adrozek is being spread by malicious websites, as observed by Microsoft. In this case, using a program with a web filter that can block malicious websites would be the most useful.
This is assuming that your browser, operating system, and other programs have all the latest updates installed and allow for automatic updating. Check your settings to make sure that this is the case.
If you observe something suspicious about the behavior of your browser, don’t feel like you’re being paranoid. Malware is very real even today, and many threats are just sneaky enough to escape their victims’ notice. Adrozek wants to make money from advertising, just like lots of other malware that causes excessive advertising. Such malware also poses a threat to your privacy. Be proactive and remove threats quickly; it will help you avoid future infections that could be much more serious.