DEFINITION

A type of unwanted, malicious software that alters a web browser's setting WITHOUT the user's consent. It's primary purpose is to redirect users to unwanted websites, typically for the benefit of cybercriminals. 

DAMAGE

• Privacy Invasion: Browser hijackers can collect sensitive information such as browsing history, search queries, and personal data - such can be used for identity theft or sold to third parties.

• Unwanted Redirects and Ads: Often redirect users to malicious or phishing websites and display intrusive ads - potentially leading to further malware.

• System Performance: Additional scripts and processes run which significantly degrade system performance.

• Unauthorized Modifications: Software can alter browser settings and various system settings and features without user intervention or input. 

• Bundled Installations: Other software is typically installed alongside web browser without consent and hide in the background

• Difficult To Uninstall: Browser installs itself as a replacement for other web browsers and sometimes cannot be uninstalled traditionally - Sometimes even re-installing itself if removed. 

EXAMPLES / USAGE

• Ask Toolbar: Often bundled with free software, the Ask Toolbar changes the default search engine and homepage to Ask.com, making it difficult for users to revert the settings. 

• Babylon Toolbar:  A notorious hijacker that modifies browser settings, redirects users to Babylon's search engine, and injects ads into search results.. 

• Conduit Search: This hijacker changes the browser’s homepage and search engine to Conduit’s own platform, often installed through bundled software downloads. 

• Crossrider: A framework used by many hijackers to distribute their toolbars and extensions, which often change browser settings and redirect traffic. 

• Nuesearch.com: Redirects users to its own search engine, collecting data and displaying sponsored ads that generate revenue for the developers.  

• OneLaunch: Modifies the default search engine and homepage, redirecting traffic through its own platform, which displays more ads and sponsored content - often comes with additional adware components that display intrusive pop-up ads and banners, interrupting the browsing experience - collects detailed user data, including search terms, site visits, and possibly personal information - challenging to remove, often reinstalling itself if traces remain on the system after an initial uninstall attempt - bundled with freeware - drains CPU/memory performance. 

• Vosteran Search: Replaces the default search engine and homepage, redirecting searches to its own site and pushing unwanted advertisements. 

• Webssearches: Redirects the homepage and search engine to Webssearches.com, often accompanied by additional unwanted programs. 

• Wave Browser: Modifies the default search engine and homepage, redirecting traffic through its own platform, which displays more ads and sponsored content - often comes with additional adware components that display intrusive pop-up ads and banners, interrupting the browsing experience - collects detailed user data, including search terms, site visits, and possibly personal information - challenging to remove, often reinstalling itself if traces remain on the system after an initial uninstall attempt - bundled with freeware - drains CPU/memory performance. 

RESEARCH

The most notorious part from our findings is what exactly browser hijackers do to your machine. Some idly sit and just communicate with a single server, while others dig themselves deep into your PCs roots and contact even the audio driver...

A look through any hijacked web browsers ToS proves an ultimate point and answers to whether its trustworthy or not. From OneLaunch's ToS:

• "DEFAULT SEARCH: OneLaunch default search is powered by select search partners. A portion of advertising revenue generated from default search supports OneLaunch financially. To facilitate this, search requests may redirect through a website owned by OneLaunch or our search partners."

• "ALWAYS ON APPLICATION: OneLaunch is a desktop toolbar application and as such is intentionally always active on your computer system."

• "ADVERTISEMENTS: Some components of the Software may be supported by advertising revenue and may display advertisements and promotions. These advertisements may be targeted to the content of information stored by or through the Software, queries made through the Software or other information."

• "THIRD-PARTY SOFTWARE APPLICATIONS AND EXTENSIONS OneLaunch may advertise and recommend third-party software applications and software extensions to you for the purposes of enhancing your experience with the Software. These third-party applications and software extensions are intended to work with the Software to provide additional features and functionality."

• "OneLaunch is not affiliated, sponsored or endorsed by affiliation with, sponsorship, or endorsement by Internet Explorer®, Firefox® and Chrome™."

RECOMMEND ACTION

If you or someone you know have been a potential victim of this attack:

• Uninstall the application IMMEDIATELY - If you're unable to uninstall using conventional means, use a forceful uninstaller such as Geek or Revo

• Forceful uninstallers can also clean registry entries from browser hijackers (if these aren't removed there is a potential for the software to return)

• Change passwords for any account you accessed through a hijacked web browser.

• Use trusted web browsers with AdBlocker extensions - such as Edge, Chrome, Firefox, or Brave. 

• Run a system-wide scan to check for Malware - if Malware is found, back up your data and reinstall your OS. Use trusted AntiVirus software such as Windows Defender and Malwarebytes.