Browser hijacking is a common type of cybercrime involving modifying a user’s browser settings without their permission, and while it might seem relatively innocuous, it can lead to harmful malware and spyware being installed on a device - with severe consequences.
Have you ever found your Internet browser behaving strangely without warning? Have you been affected by countless annoying pop-ups? Do you get redirected to suspicious-looking websites? If so, your device may have been affected by browser hijacking. In this guide, we’ll explore how browser hijacking works, how to remove a browser hijacker, and what you can do to reduce your risk to hijack malware while online.
How does a browser hijacker virus work?
Browser hijacking works by changing the settings of a browser without the permission - and in many cases without the knowledge - of the user. By changing those settings, it sends users to websites that they don’t want or need to visit, and those websites will usually be malicious in nature.
A browser hijacker virus can infect a device in many different ways. It can be part of a malicious email attachment; packaged with other legitimate-looking software such as shareware and freeware; or downloaded by users who agree to deliberately misleading and confusing terms and conditions.
Some of the intended actions of browser hijacking include:
- Generating advertising revenue by forcing large numbers of users to view or click on adverts, therefore improving engagement rates.
- Tricking users into using spoof websites that look like genuine websites but are actually fronts for malware and data theft.
- Downloading spyware or ransomware onto the device via the webpage, enabling criminal activity involving the user’s personal and financial data.
Browser hijacker virus examples
To give you an idea of how browser hijacking operates, and how users can be affected by it, we’ve compiled examples of the most notable hijack malware of recent years:
RocketTab
This hijack malware changes the default settings for homepages and search engines, so that searches end up being redirected through malicious alternatives without the user realizing. This leads to users receiving different (and potentially hazardous) search results, as well as unwanted sponsored posts and advertising.
Coupon Server
This virus is targeted at online shoppers and infects devices by being bundled together with other software downloads. It bombards users with multiple pop-up and banner adverts with tempting deals and coupon codes, in the hope that users will click on them. The intention is to generate affiliate marketing revenue for the creators and potentially collect sensitive personal data at the same time.
GoSave
GoSave is a browser extension that has targeted many of the most commonly-used browsers, including Internet Explorer, Chrome and Firefox. It redirects users to its own search engine, with modified results that can potentially lead users to harmful websites, while also adding unwanted ads into users’ general browsing experience.
The impact and risk of browser hijacking
When browser hijacking is successful, the impacts on the user and their devices can be wide-ranging and severe. Different hijack malware will have different motivations, which means that users can be affected by any and all of the following:
Theft of personal data
Browser hijacking can expose users to malware and malicious websites that can harvest their personal data, as well as spyware that can monitor a user’s online activity.
Loss of privacy
Spyware and the ability to gain sensitive information means users may lose any privacy in their online activities, which can potentially lead to them being held to ransom in the future.
Financial crime
If the malware connected to browser hijacking is used to seize financial data, then cybercriminals may be able to access bank accounts and empty them of funds. And while browser hijacking that is intended to generate affiliate marketing money may not directly impact the user involved, the funds generated are often used to support other malicious or criminal activities elsewhere.
Malware-related disruption
Whether it’s ransomware that locks down a computer, or search results that aren’t what the user needs, a browser hijacking virus can cause substantial disruption to a user’s day-to-day activities.
Poor browsing performance
Connected to the previous point, when hijack malware generates large volumes of pop-ups and banner adverts, the overall performance of the browser and the device in general is slowed down considerably.
Emotional impact
All of the above risks can be very distressing for the user involved and disruptive to their everyday lives, whether they face financial and data loss, or develop mistrust of legitimate websites and online activities.
What are typical browser hijacker symptoms?
Some types of browser hijacking malware will lead to unexpected or unwanted behavior on the device that has been infected. This behavior can include (and is not necessarily limited to):
- Large numbers of pop-up windows opening with adverts or other unwanted information.
- Default homepages and search engines being replaced without warning, and/or searches suddenly redirecting to other websites.
- New toolbars appearing within the browser without being requested or downloaded by the user.
- Generally slow performance of the browser, including web pages taking longer to load than they normally would.
- Unexpected website redirects that send users to pages other than those requested.
However, it’s important to note that the signs of browser hijacking won’t always be obvious. Some will work in the background collecting data and monitoring activity without any noticeable difference to how the device runs, which is why taking proactive steps to protect against browser hijacking is so important.
How to remove a browser hijacker
Browser hijacker removal from Chrome or other leading Internet browsers requires a multi-faceted approach. There is no single catch-all tool that will shut down all hijack malware, which means that users must take a detailed approach to cover all the bases. We recommend the following to uninstall a browser hijacker:
Use anti-virus and anti-malware tools
Your first port of call should be to run full antivirus and anti-malware scans, using recognized tools such as Kaspersky Premium and Kaspersky Plus. This will uncover many known cases of adware and spyware that are the result of browser hijacking, and will help prevent any malicious activity.
Reinstall the browser
If the malware involved in the browser hijacking is especially new, it may not always be picked up by the anti-virus scan. Because of this, it’s good practice to uninstall and reinstall the Internet browser. In some cases, the hijack malware can reinstall itself, so switching to a different browser can also be helpful.
Clean directories, cookies and the DNS cache
Emptying directories and cookies can help root out any browser hijacking virus that has quietly embedded itself within the browser. Similarly, clearing out the DNS cache can also delete any connections that have been established to malware, and cut off the cybercriminal’s access to sensitive data.
Remove unnecessary and suspicious extensions
If a browser extension or add-on doesn’t look right, then the chances are that it doesn’t need to be there. All of these extensions that aren’t known about and essential to the user should be uninstalled as standard good practice, but the emerging risk of browser hijacking is an especially important time to do it.
How to protect your systems from browser hijacking
Minimizing the risk of being affected by browser hijacking involves several different actions and best practices. Having a strong, responsible approach towards secure behavior online is a good place to start, but there are many other practical means of risk mitigation that can also be extremely helpful:
Avoid freeware and shareware
If a download is made available for free, and it isn’t through a reputable source or app store, then it almost certainly isn’t worth the risk. Freeware download websites are known to be riddled with malware and should always be avoided. Even if the software looks legitimate, a browser hijacker virus or other malware may be bundled in with it.
Check download settings thoroughly
If any software does have to be downloaded, then the settings and details of that download should be investigated before it begins. This can reduce the chances of any unwanted or unexpected applications making their way onto the device.
Be alert to persistent advertising and messaging
If an offer looks too good to be true, then it probably is. And if you’re being targeted by the same offers, companies or products over and over again, then somebody wants to give you the hard sell for some reason. Any persistent messaging that keeps cropping up should be ignored, and users should never click on any of the pop-ups and banners involved.
Never click on suspicious links
It’s one of the most basic principles of staying safe online, but the frequency of successful cybercrime operations through this method means it’s always worth repeating. If a link or email attachment doesn’t look right, then it should be avoided at all costs, and users should stick to websites and search engines that they know and trust.
Update browsers and extensions regularly
Like any type of software, browsers and related extensions should all be updated on a regular basis. This not only ensures that any potentially hazardous extensions are removed within a short space of time, but also so that you can benefit from the latest security measures and features included in browser updates. You should also explore some of the additional security measures that browsers make available, such as the SmartScreen Filter within Internet Explorer.
Disable JavaScript
Many types of browser hijacker malware lead users to websites containing malicious interactive elements, built in the Java programming language, that automatically run as soon as the website is accessed. Disabling JavaScript within the browser settings prevents these interactive elements from running and potentially disrupting the device with malware.
Make use of anti-virus software
As with all types of malware, a good anti-virus solution is essential for identifying and removing any bad software that has infected a browser or device. This anti-virus solution should be run and updated on a regular basis, so that it provides the best possible level of protection, including against new and emerging threats and tactics.
Related Articles:
Computer Viruses and Malware Facts and FAQ
Related products:
