What is a Browser Hijacker and how did Adware infect my PC?

By | June 4, 2018

What is a browser hijacker?

A browser hijacker in terms of “malware” is a specific piece of software that is solely intended to hijack the installed internet web browser(s) homepage or search engine, for example, Google Chrome, Firefox, Internet Explorer, Microsoft Edge and even Safari on Mac. After installation of a browser hijacker, intentionally or unintentionally, the internet web browser will be hijacked and the web browser homepage, search engine, and the new tab will be changed to a web page of choice by the browser hijacker.

How did a Browser Hijacker infect the browser?

A browser hijacker often infiltrates the computer via software that is downloaded from the internet. There are many rogue web pages in circulation that provide their free software downloads with a browser hijacker to make money. If a browser hijacker is installed by these rogue software installations, then the web pages that offer the rogue software installations earn money for every installation.

A browser hijacker is also offered if the PC is infected with an adware program. It is known that adware causes pop-ups in the internet web browser and refers this web browser to so-called handy browser extensions. If you fall for these dangerous browser extensions and actually install them it is possible that your internet web browser homepage and search engine are modified by a browser hijacker.

Rogue browser extension(s)

Browser hijackers often use a browser extension that alters the settings of the web browser. A browser extension is a piece of javascript code that is created to add or change certain functionality within the browser. These browser extensions are primarily intended to add functionality but are also misused by criminals to install browser hijackers and to provide the browser with an unwanted homepage.

Google Chrome is especially vulnerable when it comes to rogue browser extensions, the Chrome Web Store offers many web browser extensions that can be classified as “potentially unwanted”. In addition, Google Chrome is one of the most widely used internet web browsers in the world and therefore a target for many browser hijackers.

Browser hijackers are often given multiple permissions within an internet web browser and can, therefore, perform different actions within the browser. Below is an example of a browser hijacker with multiple permissions within Google Chrome. The permissions below are unnecessary for any browser extension, however, criminals abuse the extension permissions for multiple purposes.

browser hijacker permissions chrome

The browser extension (browser hijacker) in this example opens a new web page as soon as you open a new tab in the browser. The browser hijacker can read your browser history, change your homepage, search engine and search engine settings. This browser hijacker can be downloaded from the Chrome Web Store.

The permissions in this example should never be given to a browser extension. These permissions could lead to information about your online behavior directly from the internet web browser. That is, however, the intention of a browser hijacker. Gathering as much information from the user’s online activity and the web browser.

What is the purpose of a browser hijacker

A browser hijacker is looking for information from the user. This mainly concerns web searches and browser history. This information can be used for targeted advertisements. If a browser hijacker collects information about your surfing behavior then this information is sold to ad networks, which can use this information to display targeted ads.

Advertisements in the search results

The advertisements are displayed between the search results of a search engine chosen by the browser hijacker (usually, but not always, the Yahoo search engine). The URL often contains an identifier, which is a reference to the person or company who is earned when clicking on an advertisement.

advertisements by browser hijacker chrome

As you can see in this example, search results are referred by the browser hijacker to search.yahoo.com. I have marked the ad blocks and the referral id’s in this example. The full first “search results” page is full of advertisements. When a user clicks on one of these ads, the referral id (the browser hijacker developer) earns money. However, this is a large part of what the browser hijacker is used for, but not the only part.

Website traffic

It is known that the more user visits a website gets, the better the ranking position of the website in search engines such as Google, Bing or Yahoo. Browser hijackers are also used to redirect internet users through their own website. This is done via the permissions of a browser extension as indicated earlier in this article.

In this way, the makers of a browser hijacker try to influence the ranking position in a search engine. Whether this is successful or not, but the question is, the algorithm behind the search engines has been considerably improved in order to limit this way of influencing. I don’t really know for sure. However, I’ve never seen a browser hijacker in a strong search engine ranking position before. Browser hijacker developers try it anyway, that’s for sure.

Collecting user and browsing data

In addition to the income from advertisements and redirected internet traffic via the browser hijacker, browser hijackers also collect user information. In this article I have already mentioned it, browser hijackers collect information from your internet web browser. The information is gathered using the browser extension which is often accompanied by a browser hijacker. The browser extension has certain permissions in the browser that allows the browser extension to read and collect web browsing history and change your web browser settings.

If the browser extension is able to read browser activity and also has permissions to change the web browser settings, the gathered information can also be passed to the developers of the browser hijacker. This information is usually limited to non-personally identifiable information, i.e. information that cannot be traced back to the user. This does not mean that it is not valuable information.

The most gathered data by a browser hijacker (browser extension) is the IP address of the user, the web search queries via the internet web-browser, internet web-browser history, the type of internet web-browser, your location, date and time of your system, installed browser extensions and browser settings. This is not information you want to share with a browser hijacker that you may have accidentally installed without permission.

How to prevent a browser hijacker

Browser hijackers are often offered as useful functionality to enhance the web-browser experience. The method of browser hijacker distribution can vary. There are browser hijackers that behave like malware and install themselves on your computer and browser without the permission. However, there are also browser hijackers that disguise themselves as a browser extension with useful functionality. The last form of disguising as useful browser functionality often goes hand in hand with software installations.

Software downloaded from web pages that offer free software or illegal downloads are often linked to adware. Spreading adware earns these web pages money. Adware could be responsible for distribution or installing a browser hijacker in the web-browser.

Beware of pop-ups in the web-browser

To prevent a browser hijacker, you should never install extensions from pop-ups that appear in your internet web browser to add new functionality. Below you will find an example of a browser hijacker disguised as “useful” browser functionality.

adware popup browser hijacker chrome

If the user would install this IncognitoSearches browser extension, then the Google Chrome default search engines will be replaced by the browser extension. Basically, this is a browser hijacker disguised as a “safe” search engine. This is pure scam. This pop-up advertising is caused by adware that is installed on the user PC.

Adware installations

As previously indicated, adware is responsible for displaying annoying pop-ups in your internet web-browser. These unwanted pop-ups promote the installation of a browser hijacker. It is, therefore, necessary to prevent adware, which will prevent a lot of distress in your browser and PC.

What is adware and how does it distribute browser hijackers

Adware is malware that is programmed with just one purpose, earning money from malware software installations and displaying annoying advertising in the form of pop-ups, redirects or advertising in the internet web browser. In the example below, I’ll give an example of software installation application that distributes adware.

adware malware installer

In the first main screen, you will see a large “install” button and at the bottom right the Next button. If you were to click one of these two buttons to install the software, you would agree to a lot of adware applications. Instead of clicking Install or Next, you should click on the Customize text to see what additional adware will be installed during the software installation.

browser hijacker software installer malware

In the example above you will see several adware applications that are being installed. You should uncheck the check mark for each adware application to prevent the adware from being installed along with the software you actually want to install. This is one of the ways that dangerous adware nestles in your PC. It requires a lot of knowledge to prevent adware. It also immediately explains how sophisticated software installations are to ensure that you install the adware. The customize text is significantly smaller than the large Install or Next button. In our opinion, these software installations are absolute malware with just one purpose, earn money by the distribution of adware and browser hijackers.

Hopefully, I have contributed to a bit more knowledge in the world of browser hijackers and adware. Again, the only thing browser hijackers and the associated adware are after is money by infecting users with malware. The Malwarebytes anti-malware security suite is excellent for the prevention or adware and browser hijacker removal.
Browser hijacker manual removal instructions.

Read more information in the How-to category on our website.

Author: Max

Hi, I am Max. I am a computer security researcher. In order to help people, I research adware and blog about the web browser. Share the knowledge.

Leave a Reply

Your email address will not be published.