If you’ve done enough browsing, you’ve undoubtedly tried to navigate to a website only to be redirected to another page. Then, in order to get to the page you want, you have to cancel that page. Sometimes you have to do this several times. For the most part, this is nothing more than an annoyance. However, I have lately seen an interesting upgrade in these adware pop-ups that is sure to fool its share of users.
After I performed a normal Microsoft update, I proceeded to open the Edge browser. When I did so, I instantly got this message.
At first, I thought this might just be a part of the new update I had just installed and almost clicked the ‘install’ button. However, being the skeptic I am, I decided to look a little closer at this apparent update.
A quick glance at the URL seemed to confirm that it was legitimate… until I saw the .xyz extension. It was then clear that something was hiding behind a fake Microsoft update.
In fact, clicking on either ‘install’ or ‘do not show this notification again’ will take you to the same place.
The place it takes you to is the Microsoft Edge-addon site. Here, you will be offered a browser addon called Newtab, by Mary W. A little research shows that Mary W. does not exist. The app is supposed to add extra emojis to your browser, though the details are a bit sparse. In fact, all the apps listed on the page seem to be suspect, as you can see.
The infamous Newtab addon did not last long. You will no longer find it on the Edge Addon site. But don’t despair: apparently, there are many other addons that will do exactly the same thing that Newtab would have done.
I decided to opt out of this addon, but others have investigated what it does: it resets your default search engine to one that they decide is best… for them. Often, this is a search engine called Websearchers.club, Searches.club, or S3arch. But the criminals behind these scams change the names all the time. Why do they change your search engine? To make money. If someone clicks on the ads they put up on every search, the criminals get some money. They really don’t care if the search results have anything to do with what you’re searching for.
Although I have only mentioned this pop-up with respect to Microsoft Edge, these pop-ups have, in fact, been designed to take advantage of every major browser. There are a number of ways these pop-ups can victimize users. The new approach is quite effective as it leads the victim to a legitimate site where they can download an infected app. Some apps will install malware on your device as soon as you click the ‘install’ button.
But how do these pop-ups get on some of the sites you visit? First of all, you have to realize that a lot of fringe sites allow ads on their sites in order to make money. If these ads happen to do some nefarious things, so be it. Other sites are simply compromised by scammers without the site owners even knowing about it. This usually happens to old sites. And, of course, scammers can set up their own fake sites to attract victims.
If your search engine has been replaced or if you are getting a lot more pop-ups than usual, check your browser settings and click on the ‘extensions’ tab to see what’s installed there. Delete the extensions you don’t want. Make sure your security settings are above the basic level. Finally, run a couple of antivirus and adware scans. Also, delete any apps you may have recently downloaded. Even if the pop-up looks legitimate, check the URL that you are being directed to. Now, it could happen that this adware has so deeply infected your browser that nothing you do can get rid of it. In this case, you’ll have to reset your browser to its default settings. I’ve had to do this a couple of times and it’s not as bad as it sounds. Also, don’t expect all the apps on legitimate app sites to be clean. These sites can’t keep up with all the bad apps that are being uploaded.
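The extension check described above can also be done from the files on disk. The following is an added example, not part of the original post: it reads each installed extension's manifest.json and reports the ones that ask to replace the default search engine, home page, startup pages or new tab page. The Edge profile path is an assumption (default Windows profile), and the sample manifest is constructed.

```python
import json
import os
from pathlib import Path

# Assumption: default Edge profile location on Windows ("Default" profile only).
EDGE_EXT_DIR = (Path(os.environ.get("LOCALAPPDATA", ""))
                / "Microsoft/Edge/User Data/Default/Extensions")

def audit_manifest(manifest: dict) -> list:
    """List the browser settings an extension manifest asks to take over."""
    findings = []
    settings = manifest.get("chrome_settings_overrides") or {}
    provider = settings.get("search_provider")
    if isinstance(provider, dict):
        findings.append(f"default search -> {provider.get('search_url', '?')}")
    if settings.get("homepage"):
        findings.append(f"homepage -> {settings['homepage']}")
    if settings.get("startup_pages"):
        findings.append(f"startup pages -> {settings['startup_pages']}")
    newtab = (manifest.get("chrome_url_overrides") or {}).get("newtab")
    if newtab:
        findings.append(f"new tab page -> {newtab}")
    return findings

def audit_extensions(ext_dir: Path) -> dict:
    """Map 'extension-id (name)' to findings for each <id>/<version>/manifest.json."""
    report = {}
    for path in sorted(ext_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[f"{path.parent.parent.name} ({manifest.get('name', '?')})"] = findings
    return report

# Constructed sample manifest (not taken from any real extension).
SAMPLE = {
    "name": "Emoji Tab (constructed sample)",
    "chrome_settings_overrides": {
        "search_provider": {"search_url": "https://search.example/?q={searchTerms}"}},
    "chrome_url_overrides": {"newtab": "newtab.html"},
}

if __name__ == "__main__":
    for ext, findings in audit_extensions(EDGE_EXT_DIR).items():
        print(ext, *findings, sep="\n  ")
```

An extension that appears in this report is not necessarily malicious, but one you do not remember installing that takes over search is the first candidate for removal.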
Keep in mind that if you check the URL on sites like Virus Total, you will get results that say that nothing is wrong. One site, however, has determined that the URL you are being redirected to is malicious. Go here to see the details.
Sadly, the danger with such redirection can become even worse than just getting a fake search engine and more adware. If these scammers have reached the point where they can lead you to downloading an infected app, then they can infect that app with anything they want. You could become a victim of ransomware, a banking Trojan, or have your computer or network completely taken over. This attack has been strongly targeted towards U.S. websites, so be advised. At this point, I’m not sure if the pop-up I saw was timed to take advantage of a Microsoft update or whether it appeared by pure coincidence. However, if it was not a coincidence, then more is going on here than I have been able to uncover.