What Is Browser Hijacking and How Can You Prevent It?

It’s early morning and you just made a cup of coffee. You start up your favorite browser to check the daily news, when all of a sudden, you see various uncommon and odd-looking icons in your browser. The changes happened without you performing an action or installing any software, yet it’s installed on your browser nonetheless.

Has this ever happened to you? Then you’ve probably fallen victim to browser hijacking. Don’t worry too much – most browser hijacking is relatively easy to get rid of, and it’s easy to restore your browser to a clean version.

Let’s kick off by looking at what browser hijacking exactly is.

What Is Browser Hijacking?

The definition of “Browser Hijacking” is “a form of unwanted software that modifies a web browser’s settings without a user’s permission.”

Browser hijacking software can do things with your browser that you didn’t intend to do yourself.

When someone hijacks your browser, you might find that your previous default homepage has changed, or the search engine isn’t Google anymore but a different search engine instead.

Another common sign of browser hijacking is unwanted ads displayed in your browser or in popup windows. Such ads can also redirect you to a hijacker page.

In extreme cases, browser hijacking can lead to serious problems. It’s possible for browser hijackers to manipulate your browser into downloading malicious software.

Your browser could automatically download (sometimes without you knowing) spyware, ransomware or other types of malware that can seriously harm your device.

Internet denizens use browsers on a daily basis to surf the internet on various different computer operating systems, such as Windows and macOS, but also mobile devices like Android and iOS.

That means that hackers only need to design a malicious software tool once in order to target browsers. The infected browsers spread the malware to other browsers across the web automatically.

The image below is an example of an infected browser, as you can tell by the many different browser extensions installed. On top of that, the lower section of the browser window is filled with annoying ads.

Why Do Hackers Hijack Browsers?

The purpose of ads or to redirect someone to a certain page is to increase traffic on the site. The point is to get as many people to click the ads as possible because the hackers are paid by the number of clicks on ads.

That means that whenever the hijacker generates more traffic to a website, the higher the advertising profit will be.

Alternatively, browser hijackers might be after your banking information or credit card details. By installing a keylogger onto your device via a hijacked browser, hackers could potentially see everything you type on your device.

The hacker could then sell the stolen data or your personal information to third parties for either marketing purposes or identity theft, for example.

Due to the vast increase in internet usage over the past decade, it’s become much more lucrative for hackers to do something with browser hijacking.

Browser Hijacking: The Symptoms

There are various signs that could mean that your browser is hijacked. Here are the most obvious signs of a hijacked browser:

• Automatic redirection to unintended websites
• (Annoying) popup windows that contain advertisements
• Significantly slow-loading pages
• A lot of weird and uncommon toolbars installed onto your web browser (which you didn’t install yourself)

There are a number of well-known toolbars, search bars, and other types of software that show up in a hijacked browser.

Here’s a list of a few well-known examples:

• ​Conduit Toolbar
• Coupon Saver
• GoSave
• Babylon Toolbar
• CoolWebSearch
• RocketTab
• Ask Toolbar

Wikipedia published an extensive list of browser hijacking software, harmful search engines, websites and other types of malicious browser tools.

Browser Hijacking Methods & How to Prevent It

For most malware, it doesn’t simply appear on your laptop or mobile phone. It requires a user action to activate, download or install malware. It’s no different with browser hijacking.

Hackers come up with new methods to trick people into performing an action and installing something onto their browser.

I’ve listed a number of common methods below that hackers use to install malware on browsers. After every mention, I’ll also explain how to counter the method and how to prevent it from affecting you.

Trick Users Into Installing Software via an Installation Process

In many instances, hackers execute browser hijacking as part of an installation process for another download that a user believes to be trustworthy and safe.

This means that a hacker may trick a user into agreeing to install additional software tools during the installation process of another software tool. It’s often hidden in the terms and conditions, or a little check-box that allows the software developer to install malware.

Alternatively, the software might trick users by offering an option to decline the installation of additional browser software. However, the option is brought to the user in such a way that misleads them to install the software anyhow.

For example, the installation process could mention something about additional browser software (that’s actually malware). The description says the software will optimize your browsing experience, search experience, etc. (but it doesn’t; it’s just a scam).

The user might think it could actually be worth it to install the additional software, considering their initial download was already from a software developer/company they trusted.

At this point, the hijacker has tricked the user into installing malicious software.

How to Deal with Installation Process Tricksters

It’s important to carefully read the installation process every time you download something!

Whenever you install third-party software (even if it’s from a trusted source), always carefully read through the installation steps and the available checkboxes.

Many people install software and select the “Recommended” checkbox. If you opt for the default installation process, it’s quite possible that you’ve agreed to install other software tools as well.

Image Source

This even happens without you fully knowing what you’re installing, simply because the installer doesn’t show optional software unless you investigate.

If you select the “Advanced” or “Custom” installation type, you’ll often see multiple options you can (de)select in order to download or not download additional software, such as a toolbar or search bar (as seen in the screenshot below).

Make sure to read carefully and always check the installation’s advanced steps to find out whether or not they’re trying to trick you into installing other software as well.

Phishing Emails & Links

Phishing emails are another popular method of tricking people into downloading malicious software or visiting harmful websites.

The browser hijacker might send out a significant quantity of emails to random people to spread malicious attachments.

Once someone downloads the infected attachment, they’ll automatically install browser hijacking software.

The hijacker can also enable installation of browser hijacking software by tricking the user into simply clicking on a malicious link.

A link doesn’t always redirect you to the website you thought you were going to visit, but instead, redirects you to a hijacker’s website.

There is always the possibility of clicking on the wrong link. The link could on a website, email, messaging application, forum, YouTube comment, etc.

Phishing emails often have certain characteristics that tell you it’s a phishing email. I’m talking about odd grammar, weird stories about a rich African cousin who passed away, or long and weird email endings, such as “[email protected].”

How to Deal with Phishing Emails & Links

The simple and only solution: don’t ever open or click on any attachments or links in emails when you don’t know the sender.

It’s also important to realize that there are many links on the internet that could be malicious or harmful, not just the attachments and links that come via your email account.

If you’re unsure if you can trust a link, don’t immediately click it. Instead, right-click the link to copy and paste it into a Word document (or any other text tool). Ideally, you want to visit “HTTPS” URLs only.

Then you can see whether it’s a legitimate URL. If you’re still unsure, you can also paste the link into Norton’s website scanner. This tool will analyze the link and check whether it’s safe to visit.

Compromised Browser Extension Software & Add-ons

There are many instances of browser hijacking software that come from compromised extension software. I’m talking about third-party (often trusted parties) plugins or other browser software that provide additional features and user-experience improvements for users.

For example, Chris Pederick, the developer of a Chrome extension called “Web Developer for Chrome” fell for a phishing email himself. More than 1 million Chrome users use his plugin across the world.

The hacker tricked Chris Pederick into opening a malicious attachment in order to apprehend the developer’s account details. By doing so, the hacker gained access to Chris Pederick’s account and was able to modify the plugin.

The hacker then wrote and uploaded a new script into the plugin and updated it for all the users.

So, every user that had the Web Developer for Chrome plugin installed also automatically installed browser hijacking software as well.

There are also instances of anti-malware browser extensions pretending to be legitimate protection software, but in fact, these anti-malware extensions hide scripts that secretly hijack your browser.

One could almost say it’s ironic for hackers to develop anti-malware browser extensions, but then use it against you, because it’s actually a cover to hijack your browser.

How to Deal with Compromised Browser Extension Software & Add-ons

Methods such as these increase the importance of verifying every single browser extension or plugin you install.

There are a few ways to go about verifying extensions and add-ons. It’s both important to check for reviews and trustmarks from developers and other users, as well as to check whether security companies have flagged it in the past.

Simply search the extension you want to install on Google first and check if you can find any questionable information. If not, it’s safe to say you can install it.

If it has a ton of positive reviews as well, it’s most likely a clean software tool.

It’s also important to check what the extension wants to do. For example, if you use an extension to block out JavaScript code, it’s normal that the extension wants to read the entire page you’re visiting.

But if you installed an extension that allows you to save food recipes, but it also wants permission to read everything on every web page you visit and your contact list, that should ring the alarm bells.

In general, add-ons and plugins create a better user experience or provide certain helpful features, like the one in the example, which help developers in some way.

But, it’s exactly those software tools that are vulnerable to exploits and hackers, mostly because the security of these add-ons and plugins isn’t great.

Make sure to determine whether you actually need a browser extension, because if you don’t need it, get rid of it!

Other Ways to Protect Yourself

Google’s Safe Browsing List

Google defines the Safe Browsing List as follows:

“Safe Browsing is a Google service that lets client applications check URLs against Google’s constantly updated lists of unsafe web resources. Examples of unsafe web resources are social engineering sites (phishing and deceptive sites) and sites that host malware or unwanted software.”

That means that Google is keeping track of harmful websites. Once detected, the website will be added to the list. So, if you want to visit the website, you’ll receive a warning message.

Image Source

Whenever you receive this notification, it’s better not to visit the website you intended to visit. The biggest browsers, including Google Chrome (obviously), Firefox, and Safari use the Safe Browsing List.

Google started with the Safe Browsing List in 2006, but the company still frequently updates the diagnostic tool with the latest websites that pose a threat to internet users.

VPNs With Ad and Malware Blocking

If you’re serious about online security, you probably use a Virtual Private Network (VPN). If you don’t, you should probably get one.

VPNs encrypt your connection to the internet, keeping your online activities safe from the prying eyes of Internet Service Providers, governments and hackers. Some VPNs also offer ad and malware blocking, helping to keep you safe from browser hijacking.

Check with a VPN service provider to see if it offers ad blocking and malware blocking. NordVPN offers this protection. Some providers (for example, CyberGhost) also offer separate antivirus protection as a part of your VPN subscription.

Antivirus and Anti-Malware Software

There are numerous reliable antivirus and anti-malware providers out there. eSet, BitDefender, Norton and multiple other firms offer excellent protection against viruses and malware, keeping you safe from browser hijacking.

What We’ve Learned

Browser hijacking happens quite often and, in many cases, users aren’t aware that their browser is infected with certain malicious software.

Hackers use multiple methods to hijack browsers. The hijacking software is sometimes hidden in the installation process of third-party software, but phishing emails and compromised add-ons are also popular methods to hijack browsers.

It’s therefore important to always read the installation process steps carefully and check for any unexpected checkboxes that might be selected by default. Also, never open URLs or attachments in emails you don’t trust.

Be careful when it comes to browser extensions, too, because many browser extensions tend to be outdated and are therefore exploited by hackers for fraudulent activities. Hackers even design browser extensions themselves, simply to infect it later with malicious scripts.

Whenever you’re browsing the web and you’re blocked from visiting a website, and Google’s Safe Browsing List pops up with a warning message, it’s better not to ignore it or proceed to the website anyway.

The good news is that browser hijacking doesn’t have to happen to you now that you know what it is and how to prevent it. Remember these ways of preventing it, and you won’t fall for fraudulent tricksters!

What is Browser Hijacking FAQs