New browser hijacker/click fraud malware threatens Windows users

In its latest Security Intelligence Report, Microsoft has noted that malware designed to make money for the attacker via click fraud, performing Bitcoin mining, and redirecting search results, has been plentiful in the last quarter of 2014.

Cyber crooks seem to love that type of malware, as if often lays undetected on the victims’ computer, and makes money for them steadily and easily – they don’t have to sell stolen data on underground forums, or risk being tied to direct extortion such as with ransomware.

Now, there are long-standing malware families of this kind that have proven to be extremely hardy and have been around for years, but new ones pop up all the time.

Take for example the Miuref, a piece of malware that hijacks browsers and search results. First detected in December 2013, the malware is spread via a number of vectors: spam emails, social engineering approaches trying to convince users to run its installer (the commercially available and legitimate Nullsoft installer), and via dropper Trojans.

According to Microsoft research, Miuref is capable of doing several things:

• Report back to a C&C server and deliver information about the infected system
• Install Chrome and Firefox extensions that redirect web searches to pages controlled by the attacker
• Achieve the same for Internet Explorer via code injection
• Perform click fraud by running additional hidden Internet Explorer processes, and sending clicks to online ads that appear to come from the pages controlled by the attacker
• Download and run additional malware.

All in all, it’s a well-rounded piece of malware that can do much harm to the users.

Microsoft’s Security Essentials and Windows Defender (on Windows 8) detect it, so if you use those protections, keep them updated and/or active.