We call this family of web app modifiers Adrozek.

In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks.

The Adrozek malware is installed on devices through a drive-by download.

The distribution infrastructure is also very dynamic.

The malware uses various names like Audiolava.exe, QuickAudio.exe, and converter.exe.

This massive infrastructure reflects how determined the attackers are to keep this campaign operational, Microsoft added.

Microsoft advises end-users who find this malware on their devices to reinstall their browsers.

As a precautionary measure, end-users should ensure that their security software and operating systems are up to date.

source: www.techworm.net