15.Dec .2020 10:15

Microsoft Warns Of Massive New ‘Drive-By Attack’ Targeting Chrome, Edge, Firefox Users


A well-organized threat campaign uses what Microsoft calls a "massive infrastructure" to stealthily distribute malware to web browsers including Chrome, Edge and Firefox, Forbes reports.

Users who find themselves caught up in this attack scenario, which can add malicious extensions, inject malicious ads into search results and, in some cases, even steal credentials, should, Microsoft says, "re-install their browsers."

In a write-up from the Microsoft 365 Defender Research Team, the "persistent malware campaign" named Adrozek is explained in detail. It doesn't make for easy reading, and I'm not referring just to the technical level of the report. The researchers found that the campaign is both sophisticated and persistent in nature.

According to Forbes, within the space of five months the researchers tracked a total of 159 unique domains being used by the threat actors to distribute "hundreds of thousands" of malware samples. Each sample is unique courtesy of the polymorphic nature of this beast. One domain was found to be hosting 250,000 unique URLs, another 100,000, to give you an idea of the scale of this attack campaign.

This distribution infrastructure is not only massive; it's also dynamic. While some domains were alive for 24 hours and then vanished, others stayed active for as long as four months. The more persistent domains were distributing legitimate files in an apparent attempt to boost their reputation and evade detection. The malware itself poses as a legitimate Windows service once the infected file has been dropped into the Program Files directory via the Windows temporary directory.