My World Clock Browser Extension
Cybersecurity researchers stumbled upon the My World Clock browser extension during their investigation into suspicious websites. The extension's promotional webpage claims that it offers fast and convenient access to local weather forecasts. In addition, it also displays the current time across various time zones.
However, upon further analysis of My World Clock, the researchers confirmed that instead of the described features, the main purpose of the app is to operate as a browser hijacker. My World Clock engages in deceptive practices to promote the myworldclock.xyz fake search engine. This unreliable search engine is falsely advertised as a legitimate tool, but, in reality, it may lead users to unwanted and potentially harmful websites.
The My World Clock Browser Hijacker May Lead to Significant Privacy Concerns
Browser hijackers typically operate by modifying browsers' default settings, including search engines, homepages, and new browser tabs. The goal of the intrusive software is to then redirect users to specific endorsed websites. The My World Clock browser extension is no exception to this behavior. Once installed, it alters these settings, causing new browser tabs and search queries entered into the URL bar to redirect users to the myworldclock.xyz website.
It is important to note that browser hijackers often utilize persistence-ensuring techniques to make their removal more challenging. They may also limit users' access to removal-related settings or revert any subsequent changes made to the targeted settings.
Furthermore, fake search engines, like myworldclock.xyz, are typically incapable of providing legitimate search results. As a result, they redirect users to authentic search engines to maintain an appearance of legitimacy. During the research, myworldclock.xyz led to the Bing search engine. However, it is worth mentioning that the final destination of the redirects may vary based on factors such as user geolocation and other variables that affect redirects.
In addition to its browser-hijacking capabilities, My World Clock likely possesses data-tracking functionalities. It may be capable of collecting various types of user information, including visited URLs, viewed webpages, searched queries, internet cookies, account login credentials, personally identifiable details, finance-related data, and more. This harvested information can be exploited for profit by selling it to third parties or used for other nefarious purposes.
Browser Hijackers and PUPs (Potentially Unwanted Programs) Rely on Shady Distribution Tactics
Browser hijackers and PUPs are often installed on users' devices without their knowledge or realization through various deceptive methods. These tactics take advantage of users' lack of awareness and their tendency to overlook certain installation prompts. Here are some common ways in which browser hijackers and PUPs are typically installed without users realizing it:
- Bundling: One of the most prevalent methods is bundling these unwanted programs with legitimate software that users willingly download. When installing free software or applications, users may not pay close attention to the installation process and unintentionally agree to install additional bundled software.
- Deceptive Download Buttons: On certain websites, especially those offering copyrighted or pirated content, users may encounter deceptive download buttons. These buttons are designed to confuse users, leading them to click on the wrong button that initiates the download and installation of browser hijackers or PUPs.
- Fake Software Updates: Scammers may disguise browser hijackers and PUPs as software updates, tricking users into thinking they need to update their browsers or other software. Clicking on these fake update prompts can lead to the inadvertent installation of unwanted programs.
- Phishing Emails and Malicious Links: Cybercriminals may use phishing emails and malicious links to distribute browser hijackers and PUPs. These emails may appear to be from legitimate sources, enticing users to click on links that lead to the unintended installation of unwanted software.
- Malvertising: Malicious advertising, or malvertising, is another common method used to distribute browser hijackers and PUPs. Cybercriminals may place malicious ads on legitimate websites that, when clicked on, redirect users to websites that prompt the installation of unwanted software.
- Social Engineering Techniques: Some browser hijackers and PUPs may use social engineering techniques to manipulate users into taking specific actions. For example, they may present fake error messages or warnings, urging users to take certain steps that lead to the installation of unwanted software.
To avoid inadvertently installing browser hijackers and PUPs, users should be cautious when downloading and installing software, especially from unproven sources. It's essential to carefully read through the installation prompts and opt-out of any additional bundled software that is not necessary. Keeping software and applications updated and using reputable security programs can also help detect and prevent the installation of unwanted applications.