COVID Dashboard Browser Hijacker
During our investigation of deceitful websites, we came across a browser extension called COVID Dashboard, which is marketed as a tool for easy access to information related to the COVID-19 pandemic from Johns Hopkins University. However, we discovered that the extension is a browser hijacker that modifies browser settings and promotes fake search engines while also monitoring users' browsing activities.
Once installed on our test machine, the COVID Dashboard extension changed the browser's default search engine, homepage, and new tab/window URLs to the addresses of promoted sites. Consequently, any web search via the URL bar or opening a new browser tab/window would lead to a redirect to the endorsed site. The fake search engines promoted by the extension include search.extjourney.com, track.clickcrystal.com, and others, which often led to a variety of redirection chains.
Typically, fake search engines cannot provide search results of their own, so they redirect to legitimate ones. We observed that track.clickcrystal.com would often redirect to Bing and Google, but it also redirected through another fake search engine before landing on the legitimate ones. Additionally, the browser extension uses persistence-ensuring techniques to prevent users from recovering their browsers, and it can track users' browsing activities, including URLs visited, pages viewed, search queries, Internet cookies, log-in credentials, personally identifiable details, credit card numbers, etc. The gathered information may be shared with and/or sold to third parties.
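The following audit script is an added example, not code from the original analysis. It flags installed extensions that declare the kind of search engine, homepage and new tab changes described above. It assumes a Chromium-based browser, where such overrides are declared in manifest.json under chrome_settings_overrides and chrome_url_overrides, and where a profile's Extensions folder is laid out as <id>/<version>/manifest.json. The function names and the sample manifest are constructed for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlparse

# Domains the article names as promoted by the extension.
PROMOTED = {"search.extjourney.com", "track.clickcrystal.com"}

def audit_manifest(manifest):
    """List (setting, url, is_promoted_domain) for each override a manifest declares."""
    found = []
    settings = manifest.get("chrome_settings_overrides") or {}
    if "homepage" in settings:
        found.append(("homepage", settings["homepage"]))
    search = settings.get("search_provider") or {}
    if "search_url" in search:
        found.append(("default_search", search["search_url"]))
    for url in settings.get("startup_pages") or []:
        found.append(("startup_page", url))
    newtab = (manifest.get("chrome_url_overrides") or {}).get("newtab")
    if newtab:
        # Usually a page bundled in the extension, which may itself redirect.
        found.append(("new_tab", newtab))
    return [(name, url, (urlparse(url).hostname or "").lower() in PROMOTED)
            for name, url in found]

def scan_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json below a profile's Extensions folder."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hits = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if hits:
            report[path.parent.parent.name] = hits  # key = extension ID folder
    return report

# Constructed sample manifest (not the real extension's file).
SAMPLE = {
    "chrome_settings_overrides": {
        "homepage": "https://search.extjourney.com/",
        "search_provider": {"search_url": "https://track.clickcrystal.com/?q={searchTerms}"}},
    "chrome_url_overrides": {"newtab": "newtab.html"},
}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

Any extension in the report that the user does not recognize, or whose override points at an unfamiliar search domain, is a candidate for removal.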
How Can Browser Hijackers Expose Your System to Other, Potentially Bigger Threats?
Browser hijackers can expose your system to other potentially bigger threats by modifying your browser settings and redirecting your web searches to fake search engines that can contain harmful and malicious content. These fake search engines may redirect you to websites that contain malware, phishing scams, or other harmful content, putting your privacy and security at risk. Additionally, browser hijackers often have data-tracking capabilities, allowing them to collect sensitive information such as login credentials, credit card numbers, and other personally identifiable information, which can be sold to third parties or used for identity theft. Therefore, it is important to take immediate action to remove any browser hijackers and to regularly monitor your system for any signs of unauthorized access or suspicious activity.