PoConvert Browser Extension

During our investigation of suspicious websites, our research team came across the PoConvert browser extension, which is marketed as a tool for simplifying image and video file format conversions. However, upon a thorough analysis of this extension, we determined that it functions as a browser hijacker. PoConvert modifies browser settings to promote the illegitimate search engine finddbest.co.

On our test machine, PoConvert made changes to the default search engine, homepage, and the URL for new tabs and windows. As a result, whenever we entered a search query into the URL bar or opened a new browser tab or window, it consistently redirected us to the finddbest.co website.

Typically, fake search engines are unable to provide genuine search results, so they often redirect users to legitimate internet search engines. During our research, we observed that finddbest.co redirected to the Bing search engine (bing.com). However, it's important to note that the destination of this webpage could vary based on factors like user geolocation.

It's worth noting that browser-hijacking software often employs mechanisms to ensure persistence, making it challenging to remove and preventing users from restoring their browsers to their original settings.

Furthermore, such software frequently includes data-tracking capabilities, which may also be the case with PoConvert. The data collected can encompass visited URLs, viewed webpages, search queries, internet cookies, usernames, passwords, personally identifiable information, financial details, and more. This harvested data can then be monetized by selling it to third parties.

What Are Rogue Browser Extensions?

Rogue browser extensions, also known as malicious browser extensions or add-ons, are software components that can be added to web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge, and others. These extensions are considered "rogue" because they engage in malicious or unwanted activities, often without the user's knowledge or consent. Here are some key characteristics of rogue browser extensions:

• Malicious Intent: Rogue browser extensions are designed with malicious intent. They may engage in activities such as injecting unwanted advertisements, redirecting web traffic, collecting sensitive user data without permission, or even spreading malware.
• Unauthorized Actions: These extensions often take actions without the user's consent or knowledge. For example, they may modify browser settings (e.g., homepage, default search engine), alter the behavior of webpages, or install additional software on the user's computer.
• Deceptive Distribution: Rogue extensions are typically distributed through deceptive methods, such as bundling with legitimate software, disguising themselves as useful tools, or promoting themselves through misleading advertisements.
• Privacy Invasion: Many rogue extensions engage in data tracking and user profiling, collecting information like browsing history, search queries, login credentials, and personal details. This data can be exploited for various purposes, including identity theft and advertising.
• Browser Performance Impact: These extensions can negatively impact browser performance, causing slowdowns, crashes, or excessive memory usage. Users often experience a decrease in overall browsing experience.
• Difficult to Remove: Rogue browser extensions often employ persistence techniques to make removal challenging. They may reinstall themselves after being removed, making it frustrating for users to get rid of them.