browser hijacker (browser hijacking)

A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. Often called a browser redirect virus because it redirects the browser to other, usually malicious, websites, a browser hijacker enables browser hijacking.

A browser hijacker may change the default browser search engine or homepage, cause webpages to load slowly, install multiple toolbars on the browser without user permission and generate multiple pop-up alerts for advertisements.

The aim of a browser hijacker is to help the cybercriminal generate fraudulent advertising revenue. For instance, a browser redirects the victim's homepage to the hijacker's search page, then the hijacker redirects victim web searches to links the hijacker wants the victim to see, rather than to legitimate search engine results. When the user clicks on the search results, the hijacker gets paid. The cybercriminal can also sell information about victim browsing habits to third parties for marketing purposes.

A browser hijacker may contain spyware enabling the attacker to obtain the user's banking information or other sensitive data. Browser hijacker malware may also install ransomware, malware that encrypts data on the victim system, holding it hostage until the victim pays the hijackers a sum of money to unlock it.

How browser hijacking works

Browser hijacking is often done as part of the installation process for a downloaded application that the user believed to be legitimate. A user also may be duped into agreeing to an additional download when agreeing to terms and conditions to install the application.

The victim may have been offered the option to decline the installation of the browser hijacker software, but that information was likely displayed in a way intended to deliberately confuse the user into downloading the malicious software.

Browser hijacker infections can be spread through malicious email attachments, downloaded infected files or by visiting infected websites. Nonmalicious websites can be infected by malicious actors, though malicious websites may also be created by the browser hijacker actor for the purpose of spreading the malware.

Many browser hijackings come from add-on software, i.e., third-party software, plug-ins or scripts added to programs to give them extra features and functionality. An example of a software add-on is Adobe Flash, which lets users watch videos or play games in browsers.

While add-ons may improve the user experience on a website by providing interactive content, such as animations, some add-on software can cause a computer to stop responding or display potentially unwanted programs such as pop-up ads.

How to remove browser hijackers

Depending on the circumstances, browser hijacker removal can be relatively straightforward. Some actions to take include:

  • Determine the authenticity of all browser add-ons, plug-ins and extensions by opening the add-ons manager in the infected system's browser and remove any that are suspicious or unnecessary.
  • Use the browser settings tool to reset the browser homepage if the victim's browser homepage has been hijacked. In some cases, simply resetting browser settings to the original defaults will be enough to remediate the attack.
  • Clearing the system's Domain Name System (DNS) cache can also eliminate connections to malicious systems if the browser has been hijacked.
  • Browser hijacker infections can be manually removed from Windows systems by uninstalling them using Add/Remove Programs or Uninstall a Program in the Windows control panel.

If these steps are unsuccessful, it may be necessary to use browser hijacker removal tools, available from antivirus software vendors to remove the browser hijacker malware.

How to defend against browser hijacking

There are a number of ways to protect against browser hijacking, including:

Stay up to date on operating system (OS) and browser patches. Keeping OS and browser software updated with all the latest security features can help prevent hijacking attacks, as hijackers look for any vulnerability in the OS and the browser that they can exploit. Running a software update can help shut down these points of entry.

Disable JavaScript in the browser. JavaScript can expose critical information, including IP address, and it can install other scripts without user knowledge or permission. Therefore, remove JavaScript by default in the browser, and use the Script Block extension for Chrome and the NoScript extension for Firefox to disable or enable JavaScript on a per-site basis.

Avoid clicking on suspicious links. Users should never click on email links, text messages or pop-up boxes that come from unknown senders because they could initiate the download of browser hijackers.

Be careful about downloading software. Some browser hijacking software is bundled with legitimate software, so users should read all terms and conditions and end-user licensing agreements before downloading any software.

Use antivirus software. Installing good antivirus software and keeping it updated with the latest patches can help defend against browser hijacking. Some antivirus software offers protection in real time, warning the user if downloaded software tries to change browser settings. Some antivirus software allows the user to stop those changes from being made.

This was last updated in July 2017

Continue Reading About browser hijacker (browser hijacking)

Dig Deeper on Malware, virus, Trojan and spyware protection and removal