iFind Searcher

The iFind Searcher browser extension is deemed as a browser hijacker. Some computer security researchers may refer to the iFind Searcher program with the terms 'Rogue.ForcedExtension,' 'PUP.iFindSearcher' and 'Adware32.iFindSearcher.' Computer users that noticed their browser including a blank spot on the navigation bar found that their searches are hijacked from services like Google and Bing, which makes their browser load the US version of Yahoo at us.search.yahoo.com. An investigation into the redirects to us.search.yahoo.com revealed that a program named iFind Searcher was attached to the browser and featured a transparent icon to avoid detection. Moreover, the iFind Searcher browser extension was designed to monitor the user's activity online and reroute users via two gateways to us.search.yahoo.com. The iFind Searcher extension may be promoted on blank pages where users are presented with a dialog box that says:

'Do you want to leave this site?
Changes you made may not be saved.
Leave Stay'

It does not matter if you click 'Leave' or 'Stay' because both buttons initiate the installation of the iFind Searcher browser extension. The same tactic was employed by the Current Language Translation software we reported in the first week of June 2017. The iFind Searcher browser hijacker was reported to use the same distribution tactic three weeks later. However, we are not sure if both programs are developed by the same company. It is clear that the iFind Searcher extension exchanges data with servers at clever-find.com and goto.maxdealz.com that are associated with advertisements. PC users that installed the iFind Searcher app reported being redirected from their favorite search service to clever-find.com/tuvya/?keyword= and then to goto.maxdealz.com/v1/hostedsearch and land at us.search.yahoo.com. The aim of the iFind Searcher browser hijacker appears to be to generate ad revenue at Yahoo and sell information like your search keywords to marketers. The Yahoo Ads platform has been abused in the past by adware such as Adware Helpers and Capricornus. Networks like TrafLab might be an attempt to consolidate and improve ad revenue from riskware. However, users should not underestimate the iFind Searcher browser hijacker as it may provide users with links to corrupted pages. A credible anti-malware scanner can remove software like iFind Searcher safely.