Microsoft has discovered that a persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox. Microsoft calls this family of browser modifiers Adrozek, noting that if not detected and blocked, it adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages. While these types of campaigns are common and represent less of a threat than many types of malware, Adrozek stands out because of malicious modifications it makes to security settings and other malicious actions it performs. “The malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks,” states Microsoft. Read the blog at Microsoft and an article about Microsoft’s findings at Ars Technica.