Multiple Chrome extensions uses Browser Hijackers

Multiple Chrome extensions uses Browser Hijackers

Around two million users were found to have been infected by browser hijackers employing malicious Chrome extensions. An unwanted program known as a “browser hijacker” changes a web browser’s settings without the user’s knowledge in order to insert adverts and replace the default search engine with a different one.

Installing the “webSecurerr Browser Protection” extension prompts a pop-up window to ask users to accept changes and change their search engine to “go[.]searchsecurer[.]com.” In order to collect user-entered domains, the extension sends traffic to Yahoo and checks the domain name in its JSON files. In some cases for genuine domains, if the domain matches, it blocks the request or displays a warning message. The researcher applied the extension to the “STOPPROPAGANDA” campaign as a result of traffic diversions to Russian government websites.

The second add-on, branded “Ultrasurf,” modifies the browser’s proxy settings to make “smartwebfinder[.]com” the default search engine. The user’s search is repeatedly redirected before arriving at the Bing webpage, delaying the display of search results. The addon uses system resources and adds numerous tabs to the browser for the default search.

The third plugin, “Internet-Start,” switches the default search engine to “internet-start[.]net” and gathers browsing data to show personalized ads. Traffic is redirected by the plugin to Yandex metrics, a web-based analytics service, allowing AdSense to make money from advertisements.

Recommendation by Cyble
  • Verify the authenticity of sources before installing browser add-ons such as validating developer, domain, and user reviews.
  • Reverting to default browser settings should remediate the unwanted behavior of the browser; however, this won’t remove the malicious extension.
  • Malicious browser extensions can be removed manually by going to Extension > Remove Extension on the browser or by using a competent antivirus solution.

Over 2 million users Affected with Browser Hijackers

No Image - Multiple Chrome extensions uses Browser Hijackers
May 21st, 2024

ISO 27002:2022

Copy link
Powered by Social Snap