Beware of the SurfGuru Rogue Browser Extension

While investigating untrustworthy websites, our research team discovered the SurfGuru browser extension. It claims to be a tool that provides quick access to surfing-related content such as news, advice, and products. However, after analyzing SurfGuru, we found that it is actually a browser hijacker. This extension changes browser settings to promote the fake search engine privatesearchqry.com by redirecting users to it.

After installation, SurfGuru modifies the default search engine, homepage, and new browser tab/window URL to privatesearchqry.com. Any web searches performed using the URL bar or new tabs/windows opened result in automatic redirects to the fake search engine website. However, illegitimate search engines usually lack the ability to generate search results and instead redirect to genuine internet search sites. In the case of privatesearchqry.com, it redirects to Bing, although this may vary depending on the user's geolocation.

It's worth noting that browser-hijacking software often uses techniques to ensure persistence, and SurfGuru is no exception. Additionally, this malicious browser extension may also spy on users' browsing activity, including visited URLs, viewed pages, searched queries, IP addresses, internet cookies, usernames/passwords, personally identifiable details, and finance-related information. The data collected can be sold to third parties for monetization purposes.

To avoid falling victim to browser hijackers like SurfGuru, it's important to be cautious when installing browser extensions and to only download them from reputable sources. It's also essential to keep your antivirus software up to date and to regularly scan your device for malware.

What Are Browser Hijackers and How Are They Commonly Distributed?

Browser hijackers are a type of malicious software that modifies the default settings of a web browser, without the user's consent, in order to promote fake search engines, generate advertising revenue or steal personal information. Commonly, they change the homepage, new tab or search engine to a malicious or fake website, which then redirects users to unwanted sites or displays unwanted ads.

Browser hijackers are often distributed through software bundling, where the malicious software is included with free software downloads that users install from unverified sources. The hijacker may also be disguised as a useful browser extension or toolbar, tricking users into installing it voluntarily. Additionally, they can be distributed via malicious ads, email attachments, or through the exploitation of security vulnerabilities in web browsers or operating systems.

Once a browser hijacker is installed, it can be difficult to remove because it often uses persistence-ensuring techniques. These can include modifying system files, registry keys or creating scheduled tasks. Some browser hijackers can also install backdoors or other malware, making it more difficult to remove or repair the damage done to the system.

To protect yourself from browser hijackers, it's important to only download software and browser extensions from reputable sources, keep your web browser and operating system up to date with the latest security patches, and use antivirus software to scan your device for malware regularly.