Supernova: Productivity and relaxation Rogue Browser Extension

During our investigation of suspicious websites, our research team came across the "Supernova: Productivity and relaxation" browser extension. Despite its promotional claims of providing browser wallpapers, our analysis revealed that this software is, in fact, a browser hijacker. The extension modifies browser settings to generate redirects and also possesses data-tracking capabilities.

Once installed on our test machine, Supernova: Productivity and relaxation altered the browsers' homepage, default search engine, and new tab/window URL, redirecting them to a promoted website. Consequently, every new browser tab/window opened and search query entered into the URL bar led to redirects.

At the time of our research, Supernova: Productivity and relaxation created extensive redirection chains, involving at least five rogue sites. These redirects eventually landed on Bing (bing.com) or the nearbyme.io fake search engine.

Although illegitimate internet search websites typically cannot produce genuine search results, nearbyme.io is an exception. However, its results may include irrelevant, sponsored, untrustworthy, deceptive, and potentially harmful content.

It's important to note that Supernova: Productivity and relaxation may cause different redirects based on factors like user geolocation.

To ensure its persistence and prevent users from recovering their browsers, browser-hijacking software like Supernova: Productivity and relaxation commonly employs various techniques.

Additionally, this extension engages in spying on users' browsing activity. Browser hijackers typically target information such as visited URLs, viewed pages, searched queries, internet cookies, usernames/passwords, personally identifiable details, finance-related information, and more. The data collected can then be shared with or sold to third parties.

What Are Rogue Browser Extensions?

Rogue browser extensions, also known as malicious browser extensions or unwanted browser extensions, are add-ons or plugins designed to run within web browsers (such as Google Chrome, Mozilla Firefox, Microsoft Edge, etc.) but behave in a deceptive, harmful, or unauthorized manner. Unlike legitimate browser extensions that enhance browsing experiences by adding useful features or functionalities, rogue extensions have malicious intent and can compromise user privacy, security, and overall browsing experience.

Here are some characteristics and behaviors commonly associated with rogue browser extensions:

• Unauthorized Installation: Rogue extensions are often installed on users' browsers without their explicit consent or knowledge. They may be bundled with freeware or shareware, deceptive software updates, or distributed through malicious websites.
• Privacy and Data Collection: Rogue extensions may collect sensitive user information, such as browsing history, search queries, login credentials, and personal details, without users' consent. This data can be used for targeted advertising, sold to third parties, or utilized for other malicious purposes.
• Browser Hijacking: Rogue extensions can modify browser settings, such as the default search engine, homepage, and new tab page, redirecting users to unwanted websites or search engines. This behavior interferes with users' browsing experiences and makes it difficult to revert to preferred settings.
• Displaying Unwanted Ads: Some rogue extensions flood users with intrusive and irrelevant advertisements, including pop-ups, banners, and inline ads. These ads can slow down browsing, disrupt user experience, and expose users to potential scams or unsafe content.
• Redirections and Phishing: Rogue extensions may redirect users to malicious websites, phishing pages, or fake login portals in an attempt to steal login credentials or sensitive information.