How browser modifiers take you places you don't want to go : Internet Scambusters #962
If your Internet browser -- Edge, Chrome, Firefox, etc. -- seems to be working weirdly, you may have unknowingly installed a browser modifier.
The latest piece of this hijacking software that leads to Internet troubles is extremely sophisticated and hard to detect.
But, in this week's issue, we'll give you the information you need to avoid, identify, and get rid of this malware.
Let's get started…
How to Beat Browser Modifier Scams
How's your browser? Is it misbehaving, showing unexpected ads? Turning up weird results when you do a search? If so, you could be a victim of a browser modifier or hijacker.
These are pieces of malware that change the way your browser looks, inject ads onto some pages and into search engines, slow down your computer, and generally make web surfing a frustrating experience.
They're downloaded onto PCs via email attachments, Internet links, and even by what are known as "drive-by downloads" -- where malicious code is hidden on a web page and sneaks onto your PC when you visit.
The latest and most widespread of these is a group of browser modifiers called Adrozek. It was identified last year and hit a peak in December and this past January. And even though most Internet security software now detects it, users who don't use or haven't updated this software, or who were infected some time ago, could still be suffering.
Adrozek installs extensions -- mini programs designed to improve the operation of browsers like Edge, Chrome, and Firefox. It also modifies some of a browser's computer code, including security preferences, turns off browser updates, and then changes settings to show advertisements. Sometimes, the ads overlay genuine ones.
With some browsers, the malware is even capable of stealing user information and sending it back to the scammer.
In a recent warning, tech giant Microsoft said users, while searching for certain keywords, may click on them. In most cases, the links lead to affiliate pages that pay the scammers for each click, but they could also be used to install further malware onto a PC.
"Cybercriminals abusing affiliate programs is not new -- browser modifiers are some of the oldest types of threats," says Microsoft.
"However, the fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how this threat type continues to be increasingly sophisticated. In addition, the malware maintains persistence and exfiltrates website credentials, exposing affected devices to additional risks."
Hundreds of thousands of machines are said to have been infected globally and security experts fear the malware will spread because of the complex infrastructure developed by the scammers, which involves millions of unique Internet addresses (URLs) from which Adrozek is launched.
As Microsoft suggests, browser modifiers have stood the test of time -- which means that they must be effective. Some, like Adrozek, use a tactic known as polymorphism to change their structure after installation to avoid detection.
There are numerous varieties. And scammers use sneaky tricks to get you to install them. For example, they may use a pop-up with a "cancel" button. Clicking it downloads the malware.
Has My Browser Been Modified?
How can you tell if you have a browser modifier?
Well, the first sign is that unusual behavior we talked about earlier. The most obvious sign is that your home page -- the one that appears when you open the browser -- is different from the one you set up.
Some modifiers also change fonts and other elements of the browser's appearance. And, of course, if you install or update good security software, it should also be able to detect most modifiers.
Generally, any unexplained, erratic or slow behavior by your browser could indicate the presence of one. You can also check your browser's automatic update setting to see if it has been switched off.
More experienced users can look in their "Programs Files" folder for names they don't recognize. In the case of Adrozek, these include audiolava.exe, quickaudio.exe, and converter.exe, according to PC Magazine.
In addition, you can check your browser's "extensions" page to see if there's an add-on listed that doesn't appear in your toolbar.
Defend Yourself Against Browser Hijackers
So, what can you do? Here are five important actions.
- First, avoid installation in the first place by using and updating your Internet security suite and ensuring it checks sites and files in real time. Run scans regularly.
- Second, don't click on pop-ups. With some browsers, they can be disabled totally. But when one appears, simply close the tab or even the entire browser.
- Remove/delete/uninstall any browser extensions you don't recognize. This is a good practice for security in general.
- If you are downloading software, only use reputable sites. Some browser modifiers are hidden inside software bundles, especially those offering free downloads.
- It may be possible to uninstall a modifier, but it's usually best to remove and reinstall the entire browser. It's a good idea to regularly back up your browser's settings (but not if it's infected!) so you can reinstate them after a reinstall.
You'll find lots more information on individual browser modifiers and uninstallation here: Remove BrowserModifier (Virus Removal Instructions).
What's especially worrying about Adrozek, say the experts, is the level of sophistication, including distribution and polymorphism. Microsoft says this means it will grow further in the coming months.
Alert of the Week
Watch out for the arrival of a new and clever WhatsApp scam that is currently sweeping Europe.
You get a message that seems to come from someone you know saying they accidentally sent you a verification code they needed for their own smartphone.
In fact, they ordered up the code themselves, claiming they forgot their password. If you give them the code, they'll reset your password and have access to your account.
More info here: Bad Chat: Clever WhatsApp Scam Tricks You into Handing Account Over to Hackers – Beware This Message.
Time to conclude for today -- have a great week!