New Tab Explorer

Infosec researchers have found a new PUP named New Tab Explorer that aims to sneak its way inside users' computers or devices. PUPs, also known as Potentially Unwanted Programs, are dubiously designed to monetize their presence on the system by performing various intrusive actions specifically. Most often these include the delivery of suspicious advertisements (adware), forcing the Web browser to open an unfamiliar address( browser hijacker) and collect various browsing-related information.

PUPs are classified as such due to the deceptive methods they employ as part of their distribution. After all, the creators of these applications are fully aware that users are extremely unlikely to willingly download and install them. That is why PUPs such as New Tab Explorer are spread via questionable tactics, such as bundling or fake installers/updates.

The adware capabilities of the PUP may allow it to inject third-party advertisements into visited websites. The delivered advertising materials can also take the form of pop-ups, banners, in-text links, and more. The advertisements may contain various clickbait messages to entice users into engaging with them. Afterward, they may trigger forced redirects leading to shady places such as phishing pages, online tactics, sites spreading additional PUPs or even serious malware threats.

The browser hijacker functionality is mostly used to generate as much artificial traffic towards a sponsored address as possible. This is typically achieved by taking control over the browser's homepage, new tab page, and the default search engine. In the vast majority of cases, the promoted page belongs to a fake search engine. Fake engines lack the ability to deliver any results and instead redirect the user's search queries through a legitimate engine such as Yahoo, Bing or Google.

One of the most alarming traits that PUPs such as the New Tab Explorer may possess is the harvesting of data. These applications go after the browsing history, all conducted searches, and every clicked URL. Numerous device details (IP address, geolocation, ISP, etc.) can also be transmitted to the remote server of the PUP's operatives continuously.