In The Latest Blog Post, Microsoft Has Revealed Details Of A Nasty Malware That Is Attacking Google Chrome, Firefox, Edge, And Yandex Browsers.
In its latest blog post, Microsoft revealed details of a nasty malware that is attacking browsers like Google Chrome, Firefox, Edge, and Yandex.
Tech giant Microsoft revealed details of a nasty malware that is attacking browsers like Google Chrome, Firefox, Edge, and Yandex. It also revealed how the malware attacks these browsers: it inserts ads into users' search results and adds malicious extensions.
The malware, named Adrozek, has been active since May, and its attacks peaked in August, within just 2 or 3 months. According to Microsoft, the malware affected over 30,000 devices every day.
According to reports, the malware targets users and brings them to affiliated pages by showing malware-inserted ads in search results. It starts its attack by adding malicious browser extensions and changing browser settings so that it can insert ads into webpages. It also turns off security controls and gains access to modify DLLs.
In the blog post, the Microsoft 365 Defender Research Team stated that the campaign used a piece of malware that affected a number of browsers. They also noted that the malware exfiltrates website credentials, which could bring additional risks to users.
The malware gets installed on devices “through drive-by download”, and the installer file names have a standard format of setup_.exe. When run, the installer drops an .exe file with a random file name in the temporary folder, which then drops the main payload in the Program Files folder.
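The install chain described above can be turned into a triage rule. The following is an added example, not code from Microsoft's post; the event schema, host names and file paths are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed events in a simplified, hypothetical schema (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "pc1", "type": "process_create",
     "parent": r"C:\Users\amy\Downloads\setup_player_1234.exe",
     "image": r"C:\Users\amy\AppData\Local\Temp\qzxkvh.exe"},
    {"host": "pc1", "type": "file_create",
     "image": r"C:\Users\amy\AppData\Local\Temp\qzxkvh.exe",
     "target": r"C:\Program Files (x86)\Example\main.exe"},
    # Benign-looking case: no temp-folder stage between installer and payload.
    {"host": "pc2", "type": "process_create",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\bob\Downloads\setup_editor.exe"},
    {"host": "pc2", "type": "file_create",
     "image": r"C:\Users\bob\Downloads\setup_editor.exe",
     "target": r"C:\Program Files\Editor\editor.exe"},
]

INSTALLER = re.compile(r"^setup_.*\.exe$", re.I)
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.I)

def find_install_chains(events):
    """Link setup_*.exe -> .exe in a temp folder -> .exe written to Program Files."""
    droppers = {}  # (host, lowercased temp image) -> installer path
    alerts = []
    for ev in events:  # events are assumed to be in chronological order
        host, image = ev["host"], ev["image"].lower()
        if ev["type"] == "process_create":
            # Stage 1: installer named setup_*.exe starts a binary from a temp folder.
            if INSTALLER.match(basename(ev["parent"])) and TEMP_DIR.search(image):
                droppers[(host, image)] = ev["parent"]
        elif ev["type"] == "file_create":
            # Stage 2: that same temp binary writes an executable under Program Files.
            installer = droppers.get((host, image))
            target = ev["target"]
            if installer and PROGRAM_FILES.match(target) and target.lower().endswith(".exe"):
                alerts.append({"host": host, "installer": installer,
                               "dropper": ev["image"], "payload": target})
    return alerts

if __name__ == "__main__":
    for alert in find_install_chains(SAMPLE_EVENTS):
        print(alert)
```

Legitimate installers can follow the same pattern, so a match is a lead for investigation rather than a verdict.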
The tech giant also stated that the malware is installed like any other program and can be accessed through the Apps & features settings. Once installed, it starts making changes to browser extensions.
“Despite targeting different extensions on each browser, the malware adds the same malicious scripts to these extensions,” the post noted. The malicious scripts help attackers connect to their server and fetch the scripts that inject advertisements into search results.
“In the past, browser modifiers calculated the hashes like browsers do and update the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check,” the blog post added. The report also stated that the malware prevents browsers from being updated to the latest versions by adding a policy that turns off updates. It also changes system settings to gain additional control of the compromised device.
According to Microsoft, users should install an antivirus solution with built-in endpoint protection on their devices.