Cloud Weather Browser Extension
Threat Scorecard
Ranking: 2,575
Threat Level: 20 % (Normal)
Infected Computers: 712
First Seen: February 20, 2023
Last Seen: September 29, 2023
OS(es) Affected: Windows
While investigating suspicious websites, researchers discovered the dubious Cloud Weather browser extension. The extension is advertised as a tool for quickly accessing weather forecasts for various regions and countries. However, closer analysis revealed that the extension operates as a browser hijacker.
This means that Cloud Weather is specifically designed to modify browser settings in order to cause redirects to a promoted web address. In this case, users will be redirected to search.cloudweatherext.com, a fake search engine. In other words, users who have the Cloud Weather extension installed may find themselves redirected to this fake search engine without their consent.
Browser Hijackers Like Cloud Weather May Perform Various Intrusive Actions
Browser hijackers take control of Web browsers by changing their default search engines, homepages, and new browser tab URLs to promote specific websites. Cloud Weather is an example of this type of software, and it modifies browser settings to promote the search.cloudweatherext.com address. Once the extension is installed, any new tabs opened by users or their search queries initiated via the URL bar will result in redirects to search.cloudweatherext.com.
To prevent users from recovering their browsers, Cloud Weather likely employs persistence-ensuring techniques. This means that even if the user tries to reset their browser settings, the hijacking will persist.
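A defender-side check for the default search, homepage and new tab changes described above, added here as an example and not taken from the original report: it reads Chromium-style extension manifests and lists any that override those settings. That the extension ships as a Chromium extension, the directory layout and the sample manifest are assumptions; only the host search.cloudweatherext.com comes from the page.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Host promoted by the hijacker, as named on this page.
WATCHED_HOSTS = {"search.cloudweatherext.com"}

def audit_manifest(manifest):
    """List the browser settings this manifest asks Chromium to override."""
    findings = []
    settings = manifest.get("chrome_settings_overrides", {})
    targets = [("default search", settings.get("search_provider", {}).get("search_url")),
               ("homepage", settings.get("homepage"))]
    targets += [("startup page", u) for u in settings.get("startup_pages", [])]
    for setting, url in targets:
        if url:
            host = (urlsplit(url).hostname or "").lower()
            findings.append({"setting": setting, "target": host,
                             "watched": host in WATCHED_HOSTS})
    # A new tab override names a page inside the extension, so only report it.
    newtab = manifest.get("chrome_url_overrides", {}).get("newtab")
    if newtab:
        findings.append({"setting": "new tab", "target": newtab, "watched": False})
    return findings

def audit_extensions_dir(root):
    """Audit <root>/<extension id>/<version>/manifest.json (assumed layout)."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifest (not the real extension's manifest).
SAMPLE = {"name": "constructed-sample", "manifest_version": 3,
          "chrome_settings_overrides": {"search_provider": {
              "search_url": "https://search.cloudweatherext.com/?q={searchTerms}",
              "is_default": True}},
          "chrome_url_overrides": {"newtab": "newtab.html"}}

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

Point `audit_extensions_dir` at a browser profile's Extensions folder; any entry with `watched` set to true names an extension to remove before resetting the browser settings.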
Fake search engines like search.cloudweatherext.com often cannot generate search results by themselves. Instead, they redirect to legitimate search websites. For example, search.cloudweatherext.com redirects to the Bing search engine (bing.com), but the destination may vary depending on certain factors like user geolocation.
In addition to hijacking the browser, Cloud Weather may also spy on users' browsing activity. PUPs (Potentially Unwanted Programs) with browser-hijacker capabilities typically collect data such as visited URLs, viewed pages, search queries, IP addresses, Internet cookies, usernames/passwords, and sometimes even personal information. This information could then be monetized through sales to third parties, including cybercriminals. Because the collected data can be exploited in this way, users should be vigilant when installing browser extensions and be aware of the data they may be sharing.
PUPs Rely Heavily on Shady Distribution Tactics
PUPs are often distributed using shady methods, which are designed to deceive users into installing them. These methods can include tactics such as misleading advertisements, false claims, and hidden installation options.
For example, some PUPs may be advertised as free or useful software, but in reality, they may have limited functionality until users pay for an upgrade. Others may be bundled with legitimate software downloads or offered as part of software installers, with confusing or hidden options that automatically install the PUP alongside the desired software.
Additionally, some PUPs may use misleading pop-up ads or warnings that claim the user's system is infected with malware and offer a quick fix with a download link to a supposed antivirus program, which is actually the PUP in disguise.
Overall, the distribution of PUPs often involves a combination of deception, trickery, and the exploitation of users' trust and lack of technical knowledge. Users should exercise caution and carefully review software before installing or downloading anything from the Internet.