Bizzy Beaver Hijacks Browser Settings
During a regular inspection of untrustworthy websites, our team discovered the Bizzy Beaver browser extension. It was marketed as a tool to increase productivity, but our analysis revealed that it modifies browsers by promoting the search.bizzy-beaver.com fake search engine through redirects. Consequently, Bizzy Beaver is classified as a browser hijacker.
After installing Bizzy Beaver on our test computer, we observed that it changed the default search engine, homepage, and new tab/window URL of the browser to the search.bizzy-beaver.com website. As a result, opening new browser tabs/windows and performing web searches via the URL bar redirected to search.bizzy-beaver.com. Notably, this fake search engine has at least two different appearance versions.
Browser hijackers often use persistence techniques to prevent users from restoring their browsers, and Bizzy Beaver is no exception.
Illegitimate search engines are typically incapable of delivering relevant results, so they redirect to genuine search engines. At the time of our investigation, search.bizzy-beaver.com redirected to Bing (bing.com), but this could vary based on factors such as the user's geolocation.
How Are Browser Hijackers Usually Distributed?
Browser hijackers can be distributed through a variety of methods, including software bundling, spam emails, fake software updates, malicious websites, and infected downloads. One of the most common methods is through software bundling, where a legitimate software installer includes the browser hijacker as an additional component. When users install the software, they unknowingly install the hijacker as well.
Another method is through spam emails that trick users into clicking on a link or downloading an attachment that contains the hijacker. Fake software updates are also used to distribute browser hijackers, where users are prompted to download and install a fake update that includes the hijacker. Finally, malicious websites and infected downloads can also spread browser hijackers to unsuspecting users.