Researchers have deduced that the fake browser popups have a multitude of nasty uses, including but not limited to hijacking official browsers, spying on activities (whether using the browser extension or not), and being extremely difficult to uninstall. Researchers from Malwarebytes were the ones to originally find the virus embedded in the universally used browsers.
These viruses also go so far as to force shut down all pages that may provide information about getting rid of them. It also has the ability to send you to a totally random page, ignoring the one you clicked on.
Under the guise of being somewhat helpful, when asked to send users to an extensive list, it will redirect to a list of installed apps. Unsurprisingly, extensions are not listed on this page.
In an official blog post, Malwarebytes offered some more information on these viruses. They strike when people look up how to uninstall the extensions and redirect them to pages where they can infiltrate their search history. Malwarebytes, among explaining more in-depth on how the extensions avoid uninstalling, also discussed that the problem was easily fixed in Firefox, but was almost double the trouble in Chrome.
During his research, he also came across a separate extension that latches on to Firefox. It starts with a warning declaring that Firefox needs an update. But once you install it, it will not let you look up information on how to uninstall. It will close any tab that might have information that will help you delete it, making it impossible to disable manually.
Although both Firefox and Chrome are massive headaches, Firefox is easier to uninstall than Chrome.
Pieter gives a walkthrough for solving the problem. You need to turn safe mode on in Firefox (hold down shift), which means that you can view any extensions that might be running but they will not be active. This will allow you to disable the virus.
And if you are unable to exit the tab due to popups, don’t forget task manager. When Firefox is restarted, the tab with the popups will be closed.
If you were affected by these viruses, you’re not alone. It was installed around 11,000 times before Google deleted it.
A spokesperson for Google released an official statement, saying that security is very important to them and they have deleted the viruses from Chrome users.
Chrome is no stranger to viruses. A report last year showed that an extension was infecting browsers, crypto mining without user’s knowledge.
Don’t think that your computer is safe, though. Malwarebytes announced that the viruses are still floating around, and it’s almost impossible to avoid getting them. They offer some sage advice at the end of their post: get an adblocker.