Mondy Search

Threat Scorecard

Ranking: 18,088
Threat Level: 50 % (Medium)
Infected Computers: 85
First Seen: July 15, 2022
Last Seen: July 24, 2023
OS(es) Affected: Windows

The Mondy Search browser extension falls into the category of a browser hijacker. As such, it is equipped with the necessary functionality to take over users' Web browsers. Once installed on the system, the application will assume control over the browser and modify several paramount settings. In most cases, these include the homepage, new tab page, and the default search engine. All affected settings will now start opening a promoted address -

The page appears to belong to a fake search engine. Fake engines do not produce search results on their own, as they lack that ability completely. Instead, they take the initiated search queries and redirect them to additional search engines. One confirmed redirect chain caused by passes through the page before landing and taking results from Google. However, this may not always be the case, as users with different IP addresses/geolocation could be shown results from other engines, including dubious ones.

It also is necessary to note that browser hijackers often establish persistence mechanisms on the system. As such, they may be difficult to remove completely, as these mechanisms could often restore the PUP (Potentially Unwanted Program) on system restart or other events set as triggers. Another popular functionality observed in PUPs is data collection. These intrusive applications could be spying on users' browsing activity (browsing history, search history and clicked URLs) and collecting device details (OS version, browser type, etc.). Some PUPs even try to extract sensitive account or payment details from the browser's autofill data.


Most Viewed