The impact of such changes on a browser is significant. Microsoft stated, “Cyber criminals who abuse affiliate programs are not new. Browser modifiers are one of the oldest types of threats.
“The fact that this campaign uses malware targeting multiple browsers is an indication of how this type of threat is becoming increasingly complex.
“In addition, the malware maintains persistence and filters out the website’s credentials, exposing affected devices to additional risks.”
The Windows 10 maker said it discovered 159 unique domains between May and September that were used to distribute hundreds of thousands of malware samples as part of the Adrozek campaign.
Some of these domains were active for only one day, while others stayed active longer, up to 120 days.
Many of these domains each hosted tens of thousands of URLs, with one hosting nearly 250,000. This highlights the massive infrastructure behind this latest malware campaign.