“Adrozek,” as it’s called by the Microsoft 365 Defender Research Team, employs an “expansive, dynamic attacker infrastructure” consisting of 159 unique domains, each of which hosts an average of 17,300 unique URLs, which in turn host more than 15,300 unique malware samples.
“Cybercriminals abusing affiliate programs is not new—browser modifiers are some of the oldest types of threats,” the Windows maker said. “However, the fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated. In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.”