This nasty malware is infecting all web Browsers — what to Do Now

Chrome, Firefox, Edge, and other browsers are infected with malware that hijacks search results with ads and sometimes steals users' passwords and other login information, Microsoft announced yesterday (December 10) on its blog.

The malware, which Microsoft calls Adrozek, infects Windows machines through a "drive-by download" that attempts to break through browser defenses as soon as the browser loads one of more than 2 million malicious web pages.

This malware constantly modifies its code to evade conventional anti-virus detection and installs itself as a regular audio-related program.

"At its peak in August, this threat was observed on more than 30,000 devices daily," Microsoft said, adding that the campaign is still ongoing. "End users who find this threat on their devices are advised to reinstall their browsers," the company said.

Adrozek specifically targets Mozilla Firefox, Google Chrome, the new Microsoft Edge browser, and the Yandex browser widely used in Russian-speaking countries. However, since the latter three are all based on the Chromium open source browser, other browsers such as Brave, Opera, and Vivaldi should also be considered vulnerable.

You will know you are infected if you see a large number of strange web links in your search results, as in the images below. These links are not necessarily malicious, but the scammers behind Adrozek get pennies every time someone clicks on one of these links.

Usually, resetting Chrome or resetting Firefox will remove the browser-hijacking adware.

However, Adrozek goes deep into the browser, modifying or mimicking legitimate extensions, turning off security protections, disabling automatic updates, and even modifying registry entries to create and run independent Windows services. To get rid of it, you will need to remove Firefox and all Chromium-based browsers completely (save your bookmarks first), run a malware scan with your best antivirus software, restart your PC and run the malware scan again, then reinstall the browser and import the saved bookmarks.

The best way to avoid Adrozek infection is to keep your browser up-to-date and use the best antivirus program available.

If Adrozek merely added dodgy search results, such drastic removal measures might not be entirely justified: that alone would make it an ethically questionable "potentially unwanted program," but a perfectly legal one.

However, since Adrozek actively steals stored passwords from Firefox and disables all browser auto-updates and security settings, it is bona fide malware and needs to be removed ASAP.

"While the main goal of this malware is to inject ads and refer traffic to a specific website, the attack chain includes sophisticated behavior that allows the attacker to gain a strong foothold on the device," said a Microsoft blog post. "The addition of credential theft behavior shows that attackers can expand their objectives to take advantage of the access they can gain."