Google Chrome, Firefox, Microsoft Edge, and Yandex browsers are affected by an ongoing malware campaign that is designed to inject ads into search results and add malicious browser extensions, Microsoft revealed on Thursday. Dubbed Adrozek, the newly discovered malware family has been active at scale since at least May this year, and the attacks peaked in August, when the threat was observed on more than 30,000 devices every day.
Microsoft said that from May to September, it recorded hundreds of thousands of encounters of the Adrozek malware globally. The company tracked 159 unique domains, each hosting an average of 17,300 unique URLs, which, in turn, host an average of over 15,300 distinct, polymorphic malware samples.
The ultimate aim of the new malware campaign is to lead users to affiliated pages by serving malware-inserted ads on search results. To do so, the malware silently adds malicious browser extensions and changes browser settings to insert ads into webpages, often on top of legitimate ads from search engines. It is also said to modify a DLL in each target browser (MsEdge.dll on Microsoft Edge, for instance) to turn off security controls.
The Microsoft 365 Defender Research team noted in a blog post that although cybercriminals abusing affiliate programs is not new, this campaign uses a piece of malware that affects multiple browsers. The malware also exfiltrates website credentials, which brings additional risks to users.
What makes Adrozek different from earlier malware threats is that it gets installed on devices through drive-by download, with installer file names that follow a standard format of setup_.exe. When run, the installer drops an .exe file with a random file name in the temporary folder, which, in turn, drops the main payload in the Program Files folder. This payload looks like legitimate audio-related software and carries names like Audiolava.exe, QuickAudio.exe, or converter.exe.
Researchers found that the malware is installed just like a usual program and can be accessed through the Apps & features settings. It is also registered as a Windows service with the same name. These tricks may keep it from getting caught by ordinary antivirus software.
However, just like any other malware, once installed, Adrozek makes changes to certain browser extensions. The Microsoft team noted this specifically on Google Chrome. It typically modifies the default “Chrome Media Router” extension. Similarly, on Microsoft Edge and Yandex Browser, it uses IDs of legitimate extensions, such as “Radioplayer”.
“Despite targeting different extensions on each browser, the malware adds the same malicious scripts to these extensions,” said Microsoft researchers team in the blog post.
The malicious scripts help attackers establish a connection with their server and fetch additional scripts that allow injecting advertisements into search results.
“In the past, browser modifiers calculated the hashes like browsers do and updated the Secure Preferences accordingly. Adrozek goes one step further and patches the function that launches the integrity check,” the post said.
Adrozek also prevents browsers from updating to the latest versions by adding a policy that turns off updates. Additionally, it changes system settings to gain further control over the compromised device.
There has been a heavy concentration of Adrozek in Europe, South Asia, and Southeast Asia, said the researchers. However, as the campaign is still active, it could expand to other geographies over time.
Microsoft suggests users install an antivirus solution such as Microsoft Defender Antivirus, which has a built-in endpoint protection solution that uses behaviour-based, machine learning-powered detections to block malware families including Adrozek.
Earlier this year, Microsoft pulled a list of extensions from its Edge Add-ons store that were injecting ads into Google and Bing search results. Google took similar action on the Chrome Web Store to stop attackers from generating revenue by quietly pushing ads into search results. However, a malware campaign like Adrozek seems to require a tougher approach than pulling some extensions from web stores.
How to Browse Vi Recharge Packs by Pack Type
Wondering how to browse Vi (Vodafone Idea) recharge packs by pack type? Vi offers a host of recharge options for both prepaid and postpaid users. It offers easy ways for its customers to get their recharge done from its official website as well as its Android and iOS mobile apps. Vi is one of the largest telecom operators in the country and has been offering better voice call quality compared to the competition, according to data from the Telecom Regulatory Authority of India (TRAI).
To get a Vi number recharge, customers can head to the official MyVi website or download the Vi app, which is available for free on Google Play and the App Store. You can go through the various plans that Vi offers. To help you do so, we have put together a step-by-step guide to browsing the website and app to recharge your Vi number.
Vi prepaid plans on MyVi website
On the homepage, you should see a space where you can enter your mobile number to quickly get a recharge.
To browse the Vi recharge plans, you can enter your number here and select whether your connection type is prepaid or postpaid.
On the next page, scroll down to see the list of plans that Vi offers.
Alternatively, on the homepage, you can hover over the Recharge tab on the top of the page and select Prepaid Plans.
First thing to do here is make sure that your circle or area is selected on the right as packs can vary for different regions.
You will then see Vi prepaid plans for your circle categorised as unlimited, combo, and others.
Unlimited plans, as the name suggests, include a list of plans with unlimited calling. Combo plans offer a mix of talktime and data. There are other packs that offer just data or just talktime, as well as SMS, vouchers, or entertainment pack offers.
Vi postpaid plans on MyVi website:
- Hover over the Pay Bill tab right next to the Recharge tab on the top of the page
- Select Postpaid Plans
- There are no categories for postpaid plans so all four should be presented
Vi prepaid and postpaid plans on app:
- First, if you don’t already have the app, download the Vi app from App Store or Google Play.
- Enter your Vi mobile number to register.
- On the homepage, you will see a Recharge option at the bottom, tap on it.
- On this page, you will see all the Vi recharge plans categorised into recommended, unlimited, combo, talktime, data, plan voucher, SMS, caller tunes, and roaming.
Linux 101: Renaming files and folders
In your quest to migrate to the Linux operating system, you’ve found the command line interface a must-know skill. Fortunately, Jack Wallen is here to help you with the basics.
I’m going to help you learn a bit more about Linux. If you’re new to the operating system, there are quite a few fundamental tasks you’re going to need to know how to do. One such task is renaming files and folders.
You might think there’s a handy rename command built into the system. There is, but it’s not what you assume. Instead of renaming a file or folder, you move it from one name to another, with the mv command. This task couldn’t be any easier.
For instance, say you have a file named script.sh and you want to rename it backup.sh. To do that, you’d issue the command:
mv script.sh backup.sh
The first file name is the original and the second is the new name. Simple. For folders, it’s the same thing. Say you have a folder named “projects” and you want to rename it “python_projects”. For that, you’d issue the command:
mv projects python_projects
One nice thing about the mv command (besides its simplicity) is that it does retain the original directory attributes, so you don’t have to worry about reassigning things like permissions and ownership. Even if you issue the command with sudo privileges, it won’t shift the directory ownership to root.
Another handy feature is that you don’t have to leave the file in the same directory. Say you have script.sh in your home directory and you want to rename it to “backup.sh” and move it to /usr/local/bin/ at the same time. Once again, that’s as simple as:
sudo mv script.sh /usr/local/bin/backup.sh
You have to use sudo because the /usr/local/bin directory is owned by root, so your standard user doesn’t have permission to move the file into it.
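The renames from the article, run end to end in a scratch directory, as an added example that is not from Jack Wallen's article. It assumes a POSIX shell with mktemp on a Linux or BSD system. The names script.sh, backup.sh, projects and python_projects are the article's; bin/tool.sh and existing.sh are constructed for the example. Besides confirming that mv keeps the execute bit across a rename and that a rename and a move into another directory are the same call, it adds the one caveat the article leaves out: plain mv replaces an existing destination without asking, so the safe_mv helper refuses when the target already exists. Everything runs as the current user; the sudo step is deliberately not reproduced.

```shell
#!/bin/sh
# Added example, not part of the original article. Exercises mv as a rename
# inside a throwaway directory so nothing on the real system is touched.

set -u

# Build a scratch tree: an executable script.sh, a "projects" directory and
# an empty "bin" directory. Prints the scratch directory's path.
make_sandbox() {
    sb=$(mktemp -d)
    printf '#!/bin/sh\necho hello\n' > "$sb/script.sh"
    chmod 755 "$sb/script.sh"
    mkdir "$sb/projects" "$sb/bin"
    echo "$sb"
}

# Rename inside the same directory: mv script.sh backup.sh
# Exit 0 only if the old name is gone, the new name exists and the execute
# bit survived the rename (mv keeps mode bits and ownership).
rename_in_place() {
    sb=$1
    ( cd "$sb" && mv script.sh backup.sh ) || return 1
    [ ! -e "$sb/script.sh" ] && [ -x "$sb/backup.sh" ]
}

# Rename a directory: mv projects python_projects
rename_dir() {
    sb=$1
    ( cd "$sb" && mv projects python_projects ) || return 1
    [ ! -d "$sb/projects" ] && [ -d "$sb/python_projects" ]
}

# Rename and relocate in one step, like the article's move into
# /usr/local/bin, here into the sandbox's own bin directory.
move_and_rename() {
    sb=$1
    ( cd "$sb" && mv backup.sh bin/tool.sh ) || return 1
    [ ! -e "$sb/backup.sh" ] && [ -x "$sb/bin/tool.sh" ]
}

# Caveat: plain mv silently replaces an existing destination. This wrapper
# refuses (exit 2) so a rename can never clobber another file, which matters
# most when the destination is a shared directory such as /usr/local/bin.
safe_mv() {
    src=$1; dst=$2
    if [ -e "$dst" ]; then
        echo "safe_mv: refusing to overwrite existing $dst" >&2
        return 2
    fi
    mv "$src" "$dst"
}

# Run the whole sequence; exits non-zero on the first failed check.
run_demo() {
    sb=$(make_sandbox) || return 1
    rename_in_place "$sb" || return 1
    rename_dir "$sb" || return 1
    move_and_rename "$sb" || return 1
    printf 'other\n' > "$sb/bin/existing.sh"
    # safe_mv must refuse, and tool.sh must still be where it was.
    safe_mv "$sb/bin/tool.sh" "$sb/bin/existing.sh" 2>/dev/null && return 1
    [ -x "$sb/bin/tool.sh" ] || return 1
    rm -rf "$sb"
    echo "all mv checks passed"
}
```

Run it with `sh` and call `run_demo` at the end of the file; it prints "all mv checks passed" when every step behaves as the article describes. GNU and BSD mv also accept `-n` (never overwrite) and `-i` (ask first), which give the same protection as safe_mv when you are typing the command interactively.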
And that’s all there is to renaming files and folders from the Linux command line. Enjoy that new skill.
Improving Makeup Face Verification by Exploring Part-Based Representations
Facial recognition has become increasingly widely used recently; however, there are still open issues in this field. One of them is facial makeup, because it can change the facial appearance and compromise a biometric system. A recent study proposes a technique to improve facial recognition in the presence of makeup.
It explores part-based representations. Different parts of a face are affected by cosmetics differently; therefore, this approach can increase the accuracy of face recognition. Two strategies of cropping the face are analyzed.
Firstly, splitting the face into four components: left periocular (including the eye and eyebrow), right periocular, nose, and mouth. Secondly, dividing the face into three facial thirds. After cropping, features are extracted from each part using convolutional neural networks (CNNs) and fused with the holistic score. The results show that this approach led to improvements even without fine-tuning or retraining the CNN models.
Recently, we have seen an increase in the global facial recognition market size. Despite significant advances in face recognition technology with the adoption of convolutional neural networks, there are still open challenges, such as when there is makeup on the face. To address this challenge, we propose and evaluate the adoption of facial parts to fuse with current holistic representations. We propose two strategies of facial parts: one with four regions (left periocular, right periocular, nose and mouth) and another with three facial thirds (upper, middle and lower). Experimental results obtained in four public makeup face datasets and in a challenging cross-dataset protocol show that the fusion of deep features extracted from facial parts with holistic representation increases the accuracy of face verification systems and decreases the error rates, even without any retraining of the CNN models. Our proposed pipeline achieved state-of-the-art performance for the YMU dataset and competitive results for the other three datasets (EMFD, FAM and M501).
Research paper: de Assis Angeloni, M. and Pedrini, H., “Improving Makeup Face Verification by Exploring Part-Based Representations”, arXiv:2101.07338. Link: https://arxiv.org/abs/2101.07338