Gstatic Redirects and Ad Popups

Gstatic is the name of a legitimate service developed and deployed by Google. Gstatic is used, as the name suggests, for offloading static content and allowing a user's browser to simultaneously load files needed from multiple connections to different domains. This is mainly done because most popular browsers have a default low number of connections possible to the same domain name.

In short, Gstatic is a legitimate Google domain and associated content delivery service, containing cached, static files and content, used to improve end-user performance and offload traffic.

However, if you see a lot of pop-ups appearing while you browse the web and you see gstatic flashing a lot in your browser's status bar, while the content of those ads is loading, you likely have a browser hijacker on your system. A lot of users experiencing similar behaviors were worried that gstatic itself was a bad domain. It is not, but some malware authors can abuse it to push their annoying or often even malicious ad campaigns.

Browser hijackers are a class of potentially unwanted applications that can modify various aspects of your browser, from your default search engine and homepage, to even displaying similar intrusive and often malicious ads.

Potentially unwanted applications, including browser hijackers, are usually distributed using bundle installers. Bundle installers are software packages usually distributed through free download websites with less than ideal reputations. In them, there might be one legitimate application, with one or more potentially unwanted ones piggy-backing inside the same installer file.

Bundle installers are notorious for the poor disclosure of their full contents and many potentially unwanted applications install through bundlers, without the user's knowledge or consent.