CovidDash Browser Extension Hijacks Browser Settings
During our investigation of suspicious websites, our team uncovered a malicious program that promotes the CovidDash browser extension. The software claims to provide easy access to information on the COVID-19 pandemic. However, after examining the tool, we found that it operates as a browser hijacker, redirecting users to the fake search engine coviddashboard.extjourney.com. The installation of CovidDash is also linked to the "Abnormal Network Traffic On This Device" scam.
Once installed, CovidDash changes the browser's default search engine, homepage, and new browser tab/window URLs to coviddashboard.extjourney.com. Consequently, when users try to open a new browser tab or perform a web search using the URL bar, they are redirected to the fake search engine. Usually, fake search engines cannot provide accurate search results, so they redirect to legitimate search engines such as Google, Yahoo, and Bing.
However, at the time of our research, coviddashboard.extjourney.com redirected users through clickcrystal.com and eventually landed on gsearch.co. Although gsearch.co is also a fake search engine, it can generate search results that include unreliable, misleading, and potentially dangerous content. Removing browser hijackers can be challenging since they may restrict access to relevant settings and undo any user changes. Additionally, CovidDash uses techniques to ensure persistence on the infected device.
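One way to check an unpacked Chrome or Chromium extension for the setting changes and redirect domains described above; this is an added example, not code from the original research. It assumes the overrides are declared through Chrome's chrome_settings_overrides and chrome_url_overrides manifest keys, which the article does not state for CovidDash, and the sample manifest is constructed.

```python
import json
from urllib.parse import urlparse

# Domains named in the article's redirect chain.
WATCHLIST = ("coviddashboard.extjourney.com", "clickcrystal.com", "gsearch.co")

def on_watchlist(url):
    """True if the URL's host is a watchlisted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def audit_manifest(manifest):
    """List (setting, value, watchlisted) for each browser setting the manifest overrides."""
    findings = []
    settings = manifest.get("chrome_settings_overrides", {})
    if "homepage" in settings:
        findings.append(("homepage", settings["homepage"]))
    if "search_url" in settings.get("search_provider", {}):
        findings.append(("search_provider", settings["search_provider"]["search_url"]))
    for url in settings.get("startup_pages", []):
        findings.append(("startup_page", url))
    findings = [(name, url, on_watchlist(url)) for name, url in findings]
    # A new-tab override names a page packaged inside the extension, so there is
    # no remote host to compare; report it with None and review the page itself.
    newtab = manifest.get("chrome_url_overrides", {}).get("newtab")
    if newtab:
        findings.append(("newtab", newtab, None))
    return findings

# Constructed sample manifest, not taken from the real extension.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "Example Dashboard (constructed sample)",
  "manifest_version": 3,
  "chrome_settings_overrides": {
    "homepage": "https://coviddashboard.extjourney.com/",
    "search_provider": {
      "name": "Example", "keyword": "example",
      "search_url": "https://coviddashboard.extjourney.com/search?q={searchTerms}",
      "is_default": true},
    "startup_pages": ["https://coviddashboard.extjourney.com/"]
  },
  "chrome_url_overrides": {"newtab": "newtab.html"}
}
""")

if __name__ == "__main__":
    for name, value, listed in audit_manifest(SAMPLE_MANIFEST):
        print(f"{name:16} {value}  watchlisted={listed}")
```

To audit an installed extension, load its manifest.json with json.load and pass the result to audit_manifest; any override reported by an extension the user did not knowingly install is worth reviewing even when its host is not on the watchlist.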
How Are Browser Hijackers Usually Distributed Online?
Browser hijackers can be distributed online through various methods, including software bundling, spam emails, malicious websites, and fake software updates. One of the most common ways for browser hijackers to spread is through software bundling. In this technique, the browser hijacker is bundled with free software or shareware, which the user downloads from the internet.
The user may be unaware that the bundled software includes a browser hijacker, as it is often included as an optional installation component. When the user installs the free software, the browser hijacker is installed on the computer as well.
Another way that browser hijackers can be distributed is through spam emails that contain malicious links or attachments. Users are often tricked into clicking on these links or opening attachments, which download and install the browser hijacker onto the computer.
Malicious websites that contain fake download buttons or pop-up windows can also distribute browser hijackers. When the user clicks on these buttons or windows, the browser hijacker is downloaded and installed onto the computer.
Finally, some browser hijackers are disguised as legitimate software updates. Users are prompted to download and install the update, which actually installs the browser hijacker onto the computer.