LTS Secure Warning: Browser Hijacker monitoring your browsing activity

A browser hijacker is a malware program that modifies web browser settings without the user’s permission and redirects the user to unknown websites. It is also called a browser redirect virus because it redirects the browser to other, usually malicious, websites. A browser hijacker is what enables browser hijacking.

Technical Details

The aim of a browser hijacker is to help the cybercriminal generate fraudulent advertising revenue. For example, a browser hijacker redirects the victim’s homepage to the hijacker’s search page, then redirects the victim’s web searches to links the hijacker wants the victim to see rather than to legitimate search engine results. When the user clicks on the search results, the hijacker gets paid. The cybercriminal can also sell information about the victim’s browsing habits to third parties for marketing purposes. A browser hijacker may contain spyware that enables the attacker to obtain the user’s banking information or other sensitive data. Browser hijacker malware may also install ransomware, which encrypts data on the victim system until the victim pays the demanded amount to decrypt it.

Impact

Most browser hijacker attacks occur while the installation of an application is progressing. A user may also be duped into agreeing to an additional download when agreeing to the terms and conditions to install the application.

The victim may have been offered the option to decline the installation of the browser hijacker software, but that information was likely displayed in a way intended to deliberately confuse the user into downloading the malicious software.

Browser hijacker infections can be spread through malicious email attachments, by downloading infected files, or by visiting infected websites.

Non-malicious websites can be infected by malicious actors, though malicious websites may also be created by the browser hijacker actor for the purpose of spreading the malware.

Many browser hijackings come from add-on software, i.e., third-party software, plug-ins or scripts added to programs to give them extra features and functionality. An example of a software add-on is Adobe Flash.

Recommended Action

The following actions help remediate a browser hijacker attack:

  • Determine the authenticity of all browser add-ons, plug-ins and extensions by opening the add-ons manager in the infected system’s browser, and remove any that are suspicious or unnecessary.
  • Use the browser settings tool to reset the browser homepage if the victim’s browser homepage has been hijacked. In some cases, simply resetting browser settings to the original defaults will be enough to remediate the attack.
  • Clearing the system’s Domain Name System (DNS) cache can also eliminate connections to malicious systems if the browser has been hijacked.
  • Browser hijacker infections can be manually removed from Windows systems by uninstalling them using Add/Remove Programs or Uninstall a Program in the Windows control panel.
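
The add-on review and homepage check above can be scripted for triage. The following is an added example, not part of the original advisory: it audits a constructed, Chromium-style Preferences JSON, and the key names (assumed from Chromium's profile layout), the allowlist, and all sample values are assumptions to verify against the browser version in use.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts this organisation accepts for homepage and search settings.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Constructed sample shaped like a Chromium "Preferences" file (not real data).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.hijack-example.test/?src=hp",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4, "startup_urls": [
        "https://www.google.com/", "http://search.hijack-example.test/"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "QuickFind",
        "url": "http://search.hijack-example.test/q?s={searchTerms}"}},
    "extensions": {"settings": {
        "constructed-id-1": {"from_webstore": True, "manifest": {"name": "Ad Blocker"}},
        "constructed-id-2": {"from_webstore": False, "manifest": {"name": "QuickFind Toolbar"}}}},
})

def host_ok(url):
    """True when the URL's host is on the allowlist (exact match, case-insensitive)."""
    return (urlsplit(url).hostname or "").lower() in ALLOWED_HOSTS

def audit_prefs(raw):
    """Return (kind, detail) findings an analyst should review before resetting."""
    prefs = json.loads(raw)
    findings = []
    home = prefs.get("homepage", "")
    # A custom homepage only applies when the new-tab page is not used instead.
    if home and not prefs.get("homepage_is_newtabpage", False) and not host_ok(home):
        findings.append(("homepage", home))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if not host_ok(url):
            findings.append(("startup_url", url))
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search.get("url") and not host_ok(search["url"]):
        findings.append(("search_provider", search["url"]))
    # Extensions not installed from the store are the ones to authenticate first.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if not ext.get("from_webstore", False):
            name = ext.get("manifest", {}).get("name", "<unknown>")
            findings.append(("sideloaded_extension", f"{ext_id} ({name})"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_prefs(SAMPLE_PREFS):
        print(f"[review] {kind}: {detail}")
```

Findings are review prompts, not verdicts: an allowlist miss or a sideloaded extension may be legitimate in a managed environment.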

 

Norton has released a security advisory for browser hijacking.