
Adrozek Malware

Posted: December 11, 2020

The Adrozek Malware is a Trojan that injects unsolicited, potentially malicious advertisements into the user's Web browser and collects credentials stored by the browser. Its installation relies on traditional drive-by-download tactics that trick users into running it, or on exploiting unpatched software vulnerabilities. Users should respond by removing the Adrozek Malware with a trusted anti-malware solution and immediately changing any exposed security information, such as browser-saved passwords.

The Danger in What Seems Like Simple Adware

Potentially Unwanted Programs (PUPs), browser hijackers, and adware – advertising-oriented software – are usually rated as a smaller security problem than, say, a backdoor Trojan or a multi-module spyware kit. Still, the line between higher and lower threats can blur, as it does in the Adrozek Malware campaign. This 2020 Trojan combines features of nominally legitimate advertising products with the browser tampering and credential theft of a more clearly threatening one.

First identified earlier in 2020, the Adrozek Malware spreads through drive-by-download tactics and exploits, with its operators concentrating infections in Europe and parts of Asia. The Trojan's distribution infrastructure relies heavily on polymorphic installers, rapidly changing addresses, and a large reserve of backup domains to keep the campaign alive on the Web for as long as possible. Its intended victims are Windows users, and more specifically users of the Chrome, Edge, Yandex and Firefox browsers.

The Adrozek Malware sets up persistence in the Windows Registry, then takes over the browsers by installing a malicious extension (one that remains active in incognito or private mode) and making unauthorized changes to browser DLLs. It disables security features such as Safe Browsing and update management, hides its extension from the browser's extension list, and resets home pages and default search engines.
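A defender-side check for the settings changes described above, added here as an example and not taken from the original article or from any published Adrozek analysis: it audits a Chromium-style `Preferences` (or `Secure Preferences`) JSON document for the symptoms named on this page (Safe Browsing off, home page, startup pages and default search engine redirected, and enabled extensions that were sideloaded or allowed in incognito mode). The key paths used (`safebrowsing.enabled`, `homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data.url`, `extensions.settings` with `state`, `from_webstore`, `incognito` and `path`) are the author's understanding of the Chromium layout and are an assumption to verify against the browser build being inspected; both sample documents and the expected-host list are constructed.

```python
import json
import sys
from urllib.parse import urlparse

# Constructed sample of a Chromium-style Preferences document after the kind
# of tampering the article describes. Key names are an assumption about the
# Chromium layout (verify against your browser version).
TAMPERED_PREFS = json.dumps({
    "safebrowsing": {"enabled": False},
    "homepage": "http://results.search-redirect.invalid/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://results.search-redirect.invalid/"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Search",
            "url": "http://results.search-redirect.invalid/?q={searchTerms}",
        }
    },
    "extensions": {
        "settings": {
            # Hypothetical sideloaded extension: absolute path under the user
            # profile, not from the Web Store, and allowed in incognito mode.
            "a" * 32: {
                "state": 1,
                "from_webstore": False,
                "incognito": True,
                "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\ext",
            },
            # Hypothetical Web Store extension with a relative install path.
            "b" * 32: {
                "state": 1,
                "from_webstore": True,
                "path": "b" * 32 + "\\1.2.3_0",
            },
        }
    },
})

# Constructed clean profile for comparison.
CLEAN_PREFS = json.dumps({
    "safebrowsing": {"enabled": True},
    "homepage_is_newtabpage": True,
    "extensions": {"settings": {}},
})

# Search hosts the organisation expects to see; anything else is flagged.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}


def _lookup(doc, dotted_path, default=None):
    """Walk a nested dict by a dotted key path; return default if absent."""
    node = doc
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def _unexpected_host(url, expected_hosts):
    host = urlparse(url).hostname
    return host is not None and host not in expected_hosts


def audit_preferences(prefs_json, expected_hosts=EXPECTED_SEARCH_HOSTS):
    """Return a list of finding strings for one Preferences document."""
    prefs = json.loads(prefs_json)
    findings = []

    # Safe Browsing switched off is the clearest single indicator here.
    if _lookup(prefs, "safebrowsing.enabled") is False:
        findings.append("safe_browsing_disabled")

    # Home page, startup pages and default search engine pointed elsewhere.
    homepage = _lookup(prefs, "homepage")
    if homepage and _unexpected_host(homepage, expected_hosts):
        findings.append(f"homepage_overridden:{urlparse(homepage).hostname}")
    for url in _lookup(prefs, "session.startup_urls", []):
        if _unexpected_host(url, expected_hosts):
            findings.append(f"startup_url_overridden:{urlparse(url).hostname}")
    search_url = _lookup(prefs, "default_search_provider_data.template_url_data.url")
    if search_url and _unexpected_host(search_url, expected_hosts):
        findings.append(f"search_provider_overridden:{urlparse(search_url).hostname}")

    # Enabled extensions that were sideloaded (absolute path, not from the
    # store) or are permitted in incognito mode are the traits to look for.
    for ext_id, ext in _lookup(prefs, "extensions.settings", {}).items():
        if ext.get("state") != 1:
            continue  # disabled extension; lower priority
        reasons = []
        if not ext.get("from_webstore", False):
            reasons.append("not_from_webstore")
        path = ext.get("path", "")
        if (len(path) > 1 and path[1] == ":") or path.startswith("\\\\"):
            reasons.append("absolute_install_path")
        if ext.get("incognito", False):
            reasons.append("allowed_in_incognito")
        if reasons:
            findings.append(f"extension:{ext_id}:{','.join(reasons)}")
    return findings


if __name__ == "__main__":
    # Pass a real Preferences / Secure Preferences path to audit it; with no
    # argument the constructed tampered sample is used.
    data = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else TAMPERED_PREFS
    for finding in audit_preferences(data):
        print(finding)
```

Run it against each profile's `Preferences` and `Secure Preferences` files with the browser closed. Note that Chrome protects a number of these keys with MACs inside `Secure Preferences`; this audit checks only the values, not MAC validity, so a clean result is a value check rather than an integrity guarantee, and it says nothing about the DLL modifications the article also describes.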

All of these features support the main thrust of the Adrozek Malware's payload: injecting advertisements into the user's search result pages and profiting from the affiliate traffic they generate. Malware analysts also warn that the Adrozek Malware includes a limited, spyware-like capability for collecting browser-stored credentials, such as saved passwords, and uploading them to its servers.

Pulling Out the Advertisement Injection Needle

While the Adrozek Malware's superficial symptoms are not very different from adware, which is a minor security issue, its capabilities are significantly more invasive and illicit than those of a Potentially Unwanted Program. As ever, Windows users should be proactive about avoiding infections through safe browsing habits. Installation tactics for this threat are likely to use 'software update' disguises, such as fake driver or media player updates pushed through streaming websites or advertising networks.

Users can also reduce their exposure on the Web by disabling or removing the browser plugins most often abused in drive-by attacks, such as Flash and Java. Blocking JavaScript outright is less practical, since most sites depend on it, but per-site script blocking limits the same attack surface.

The immediate symptoms of the Adrozek Malware are limited to the unavailability of the disabled security features and the altered search engine results. Users should assume that the Adrozek Malware, including its browser extension, remains active and persistent until they take specific steps to disable it. Affected Web browsers may require reinstallation, since the Trojan tampers with browser files as well as settings, and victims should change every password saved in those browsers before attackers use the uploaded credentials to compromise the related accounts.

Professional anti-malware tools should detect and delete the Adrozek Malware on sight. There is currently no indication that the Trojan extends its anti-security features to disabling security products outside the browser.

The Adrozek Malware's operators rotate through domains rapidly, with extensive backups to keep the Trojan 'out and about' as reliably as possible. Those who do their part to protect their PCs from the Adrozek Malware are doing more than serving themselves: they are helping to starve a rapidly growing criminal operation of the victims it depends on.
