During a routine investigation, Cyble Research and Intelligence Labs (CRIL) discovered multiple Chrome extensions that compromised over two million users with Browser Hijackers. A browser hijacker is an unwanted program that modifies browser settings without user permission and redirects them to specific web pages that they do not intend to visit. After installation, a browser hijacker might open doors for future attacks by redirecting users to malicious websites.
All the extensions that we found were present on the Chrome web store. After installation, we observed that the browsers hijackers were also changing the browser’s default search engine without the users’ knowledge. We noticed that extensions wouldn’t work if a user tried to revert to the default browser settings.
These extensions send the user queries to different servers with multiple redirects, and at the end, the search results are shown from search engines such as Yahoo or Bing rather than default ones. Such search query redirects can collect user information and show advertisements to further serve the developer’s financial motives.
blog.cyble.com
