Microsoft's 365 Defender research team says that a persistent malware campaign is distributing browser modifier malware, Adrozek, at scale, and it affects multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox.

We call this family of browser modifiers Adrozek. If not detected and blocked, Adrozek adds browser extensions, modifies a specific DLL per target browser, and changes browser settings to insert additional, unauthorized ads into web pages, often on top of legitimate ads from search engines. The intended effect is for users, searching for certain keywords, to inadvertently click on these malware-inserted ads, which lead to affiliated pages. The attackers earn through affiliate advertising programs, which pay by amount of traffic referred to sponsored affiliated pages.

After tampering with multiple browser components and settings, the malware gains the capability to inject ads on search results on affected browsers. The injection of ads is performed by malicious scripts downloaded from remote servers.

It's worth reading the whole piece from Microsoft.
[microsoft.com...]