Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 91
First Seen: May 29, 2024
Last Seen: June 9, 2024
OS(es) Affected: Windows

Potentially Unwanted Programs (PUPs) encompass a category of software applications that, while not explicitly unsafe, often bring about unwanted consequences for users, such as intrusive advertisements, changes to browser settings or privacy concerns. They are frequently distributed through deceptive means, including bundled software downloads or misleading advertising.

Security researchers are issuing warnings regarding a fraudulent search engine that is being aggressively promoted through dubious methods, primarily via exactly such PUPs and browser hijackers. Specifically, experts have identified an association between the site and a browser extension known as ONFIND. The application functions as a browser hijacker by altering browser configurations to promote the site. Both the site and the ONFIND extension are deemed unreliable and potentially harmful to users' browsing experiences and online security.

Replaces Users’ Default Search Engines by Overwriting Browser Settings

The site is distributed through the ONFIND extension, which forcibly sets it as the default search engine, homepage, and new tab page. Consequently, users whose browsers are hijacked by ONFIND find themselves directed to the site whenever they open a browser or a new tab and initiate a search query.

As previously mentioned, the site operates as a deceptive search engine, failing to provide legitimate search results. Instead, upon entering a query, users are redirected to another suspicious search engine known for potentially displaying misleading advertisements and linking to malicious websites within its search results.

Engaging with the site exposes users to various online risks, including tactics, adware-infested sites, malware distribution platforms and other dubious online destinations. Therefore, users are recommended to exercise caution, refrain from trusting the site, and promptly remove any associated browser hijackers, such as ONFIND.

Furthermore, it's crucial to note that ONFIND triggers the 'Managed by your organization' feature when activated, indicating that an external entity, such as a company or educational institution, controls the browser's settings and policies. If a browser hijacker like ONFIND utilizes this feature, it could lead to severe consequences, such as restricted website access, privacy breaches, redirections to malicious sites, loss of control over other extensions, and various other usability issues.
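One way to see which policies are behind a 'Managed by your organization' banner is to list the browser policy registry keys that control the search engine, homepage, new tab page, startup pages and force-installed extensions. The script below is an added example, not part of the original write-up; it uses the standard Chrome and Edge policy names and locations and assumes nothing about the specific values ONFIND writes, which the page does not give.

```powershell
# Added example: list browser policies that pin search, homepage, new tab and extensions.
# Policy names are the standard Chrome/Edge ones; no ONFIND-specific values are assumed.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)
# Single-value policies for the default search engine, homepage, new tab and startup mode.
$ValuePolicies = 'DefaultSearchProviderEnabled', 'DefaultSearchProviderName',
                 'DefaultSearchProviderSearchURL', 'HomepageLocation',
                 'NewTabPageLocation', 'RestoreOnStartup'
# List policies are stored as subkeys whose values are numbered entries.
$ListPolicies = 'ExtensionInstallForcelist', 'RestoreOnStartupURLs'

function Get-BrowserPolicyFindings {
    foreach ($root in $PolicyRoots) {
        if (-not (Test-Path -Path $root)) { continue }   # browser not under policy here
        $key = Get-Item -Path $root
        foreach ($name in $ValuePolicies) {
            if ($key.GetValueNames() -contains $name) {
                [pscustomobject]@{ Key = $root; Policy = $name; Value = $key.GetValue($name) }
            }
        }
        foreach ($list in $ListPolicies) {
            $sub = Join-Path -Path $root -ChildPath $list
            if (-not (Test-Path -Path $sub)) { continue }
            $subKey = Get-Item -Path $sub
            foreach ($entry in $subKey.GetValueNames()) {
                [pscustomobject]@{
                    Key    = $sub
                    Policy = '{0}[{1}]' -f $list, $entry
                    Value  = $subKey.GetValue($entry)   # forcelist: extension ID, optional update URL
                }
            }
        }
    }
}

$findings = @(Get-BrowserPolicyFindings)
if ($findings.Count -eq 0) {
    'No search, homepage, new tab, startup or forced-extension policies are set.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

On a personal machine that no organization administers, any row in the output deserves review; on a managed machine, compare the rows against what the administrator actually deploys.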

Browser Hijackers Often Sneak Themselves onto Users’ Devices via Shady Distribution Practices

Browser hijackers frequently infiltrate users' devices through shady distribution practices, exploiting vulnerabilities and employing deceptive tactics to evade detection. These practices include:

  • Bundled Software: Browser hijackers often come bundled with legitimate software downloads. Users may inadvertently install the hijacker alongside the desired software if they fail to opt out during the installation process.
  • Deceptive Advertising: Hijackers may be distributed through deceptive advertisements, promising free software, tools or system optimizations. Clicking on these ads may trigger automatic downloads or redirects to websites hosting the hijacker.
  • Fake Updates: Some browser hijackers masquerade as software updates or security patches, tricking users into downloading and installing them. These fake updates exploit users' trust in legitimate software update mechanisms.
  • Rogue Websites: Visiting rogue or compromised websites can also result in the automatic download and installation of browser hijackers without users' consent or knowledge.
  • Email Attachments and Links: Browser hijackers may be distributed via email attachments or links in phishing emails. Unsuspecting users who open these attachments or click on links may inadvertently install the hijacker on their devices.
  • Social Engineering: Fraudsters may employ social engineering tactics, such as fake alerts or warnings, to convince users to download and install browser hijackers under the guise of security or system optimization tools.

Overall, browser hijackers rely on users' lack of awareness and trust in seemingly legitimate sources to infiltrate their devices, often leading to compromised browsing experiences and potential security risks.

URLs may call the following URLs:

