Adrozek family of malware changes browser settings to allow it to insert fake ads over legitimate ones. Microsoft researchers have found the malware hidden behind file names Audiolava.exe and QuickAudio.Examined s The malware extracts data from the infected device and sends it to a remote server to be used later. Microsoft tracked down the source of the malware and found it was supported by an enormous, global infrastructure. The malware is programmed to constantly shift and change to avoid detection.
Source: https://threatpost.com/adrozek-malware-fake-ads-30k-devices/162217/