Search engine hijackers can change Chrome policy to remote administration


Search hijacker changes Chrome policy to remote administration

According to Malwarebytes, the latest type of search hijacker installer changes a Chrome policy so that users are told the extension can't be removed because the browser is managed from the outside. Malwarebytes was alerted by some customers who said they were unable to remove Chrome extensions: the browser tells the user that it may be managed outside of Chrome and that the administrator has installed an extension. Even users with Administrator accounts on the affected systems are unable to remove these extensions.

Search engines make money by showing users sponsored advertisements—a lot of money. This attracts attention, competition, and plenty who want a piece of the action without doing the actual work or considering the impact on those on the other end of the search bar. Because in the search business, even the crumbs are interesting.

One search hijacker doesn’t generate large amounts of cash for threat actors, like ransomware or banking Trojans. So, the publishers are always looking for ways to get installed on large numbers of systems and stay installed for as long as possible.

[Source: Malwarebytes]

According to the researchers at Malwarebytes Labs, the extension is easily spotted, as it is the only one that does not have a remove option.

[Source: Malwarebytes]

We have found several of these search hijackers in the Chrome webstore but installing them from there does not lead to the “managed browser symptoms.” It takes a Windows installer to make the necessary registry changes, so users that installed it from the webstore should be able to remove it themselves in the normal way.

said the researchers
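
A defender-side check for the registry changes mentioned above, as an added example that is not from Malwarebytes or the original article: it lists extensions force-installed through Chrome's policy keys. It assumes the hijacker relies on Chrome's `ExtensionInstallForcelist` policy under `SOFTWARE\Policies\Google\Chrome` in `HKLM` or `HKCU`; the article does not name the exact values the installer writes.

```powershell
# Added example: audit Chrome policy registry keys for force-installed extensions.
# Assumption: the "managed by your organization" state comes from the
# ExtensionInstallForcelist policy; the article does not name the values written.

$policyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

function Get-ChromeForcedExtension {
    foreach ($root in $policyRoots) {
        $key = Join-Path $root 'ExtensionInstallForcelist'
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Each value has the form "<extension id>;<update URL>" (URL optional).
            $raw = [string]$item.GetValue($name)
            $id, $updateUrl = $raw -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $key
                ValueName   = $name
                ExtensionId = $id
                UpdateUrl   = $updateUrl
                # Chrome extension ids are 32 characters in the range a-p.
                WellFormed  = $id -cmatch '^[a-p]{32}$'
            }
        }
    }
}

$found = @(Get-ChromeForcedExtension)
if ($found.Count -eq 0) {
    'No force-installed Chrome extensions found in policy keys.'
} else {
    $found | Format-Table -AutoSize

    # On a machine that is not domain-joined, nobody should be pushing
    # browser policy, so every entry listed deserves a closer look.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Warning 'Machine is not domain-joined but Chrome has force-installed extensions.'
    }
}
```

The same policy values are visible from inside the browser on the `chrome://policy` page, which is a quick cross-check when the script reports an entry.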

Malwarebytes also said that it was not able to determine how the extension landed on affected users' systems, but it did manage to find some stand-alone installers in the Temp folder on affected Windows systems. The company said that affected users get an installation window while opening a downloaded bundle.

[Source: Malwarebytes]

How to remove this kind of search hijacker?

Malwarebytes recognizes these hijackers and removes them from affected systems. You can find a few removal guides on the Malwarebytes forums:

Removal guide for Mazy Search

Removal guide for SearchSpace
