During our investigation into suspicious websites, our research team made a significant discovery regarding the Galaxy Search browser extension. While initially promoted as an extension that enhances the browsing experience with galaxy and space-themed wallpapers, it was found to operate as a browser hijacker. In other words, Galaxy Search alters the settings of the user's browser with the intention of promoting the search engine through redirects.

On a test machine, Galaxy Search forcibly changed the default search engine, homepage, and the URL for new tabs/windows to direct users to the site. As a result of these modifications, whenever new tabs or windows were opened, or web searches were conducted through the URL bar, the user was redirected to

Illegitimate search engines typically lack the capability to provide genuine search results, so they redirect users to legitimate search engine websites instead. During our research, redirected users to the Bing search engine ( However, it is important to note that the redirection destination may vary based on factors such as the user's geolocation.

It is worth mentioning that browser-hijacking software often employs techniques to ensure persistence, making it difficult to remove and preventing users from restoring their browsers to their original settings.

Furthermore, Galaxy Search possesses data-tracking capabilities. It can collect various types of information, including visited URLs, viewed webpages, search queries, frequently visited websites, geolocation data (IP addresses), internet cookies, usernames and passwords, personally identifiable information, financial data, and more. This gathered information can be sold to third parties or exploited for profit in other ways.

What Are Rogue Browser Extensions and Browser Hijackers and Why Are They Considered Potentially Unwanted Programs?

Rogue browser extensions and browser hijackers are types of potentially unwanted programs (PUPs) that can compromise the user's browsing experience and privacy. They are considered undesirable due to their intrusive nature and the potential risks they pose to the user's online security.

Rogue browser extensions refer to browser add-ons or plugins that are designed to perform malicious or unwanted activities without the user's consent. These extensions may claim to offer useful functionalities but often engage in activities such as injecting unwanted advertisements, tracking user behavior, collecting personal information, or redirecting web traffic to specific websites.

Browser hijackers, on the other hand, are a specific type of rogue extension or program that forcefully modifies the settings of a user's web browser without their permission. They typically alter the default search engine, homepage, or new tab/window URLs to redirect users to specific websites, often fake search engines or sites that promote unwanted content. Browser hijackers can also manipulate search results, display excessive advertisements, or generate intrusive pop-ups, significantly disrupting the user's browsing experience.
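The settings changes described above can be checked for on disk. The following is an added example, not code from the original article or from the extension: it audits Chromium extension manifests for search engine, homepage, startup page, and new tab overrides, and for permissions that make data tracking possible. `chrome_settings_overrides` and `chrome_url_overrides` are standard Chromium manifest keys; that a given hijacker uses them is an assumption, and the sample manifest and its URLs are constructed placeholders.

```python
import json
from pathlib import Path

# Permissions that give an extension visibility into browsing activity.
TRACKING_PERMS = {"<all_urls>", "history", "cookies", "tabs", "webRequest", "webNavigation"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for settings overrides and tracking-capable permissions."""
    findings = []
    settings = manifest.get("chrome_settings_overrides") or {}
    provider = settings.get("search_provider") or {}
    if provider.get("search_url"):
        default = " (set as default)" if provider.get("is_default") else ""
        findings.append(f"search engine override{default}: {provider['search_url']}")
    if settings.get("homepage"):
        findings.append(f"homepage override: {settings['homepage']}")
    for url in settings.get("startup_pages") or []:
        findings.append(f"startup page override: {url}")
    newtab = (manifest.get("chrome_url_overrides") or {}).get("newtab")
    if newtab:
        findings.append(f"new tab override: {newtab}")
    keys = ("permissions", "host_permissions", "optional_permissions")
    requested = {p for k in keys for p in manifest.get(k) or [] if isinstance(p, str)}
    # Host patterns such as *://*/* or https://*/* match every site.
    broad = sorted(p for p in requested if p in TRACKING_PERMS or p.endswith("://*/*"))
    if broad:
        findings.append("tracking-capable permissions: " + ", ".join(broad))
    return findings

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions directory."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            findings = audit_manifest(manifest)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if findings:
            report[f"{path.parts[-3]} ({manifest.get('name', '?')})"] = findings
    return report

# Constructed sample manifest; the name and URLs are placeholders, not values from the page.
SAMPLE = {"name": "Example Wallpapers", "manifest_version": 3,
          "chrome_settings_overrides": {"homepage": "https://search.example.invalid/", "search_provider": {
              "is_default": True, "search_url": "https://search.example.invalid/?q={searchTerms}"}},
          "chrome_url_overrides": {"newtab": "newtab.html"},
          "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"]}
if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)))
```

Point `audit_profile` at a browser profile's `Extensions` directory; a finding is a prompt to review the extension, since legitimate extensions can declare the same keys.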

These programs are considered potentially unwanted for several reasons:

Intrusion: Rogue browser extensions and hijackers often infiltrate a user's system without their knowledge or consent. They can be bundled with legitimate software or distributed through deceptive techniques, such as fake downloads or misleading advertisements.

Unwanted Modifications: Once installed, these programs make unauthorized changes to the browser settings, altering the user's preferred search engine, homepage, or other configurations. These modifications can be challenging to reverse, as the PUPs employ persistence techniques to resist removal.

Privacy Risks: Rogue browser extensions and hijackers frequently engage in data tracking and collection activities, gathering sensitive user information without consent. This can include browsing habits, search queries, personally identifiable details, financial information, and more. Such data can be sold to third parties or abused for malicious purposes, posing a significant risk to the user's privacy and online security.

Disruption of User Experience: These PUPs can cause frequent browser redirects, display unwanted advertisements, or generate intrusive pop-ups, significantly interfering with the user's browsing experience. They may also slow down the browser's performance or cause instability.

