Ring Browser Extension

An installation setup containing a browser hijacker called 'Ring' was discovered by infosec researcher while investigating deceptive websites. It is worth noting that browser hijackers are typically created for the specific purpose of altering important browser settings. However, in the case of Ring, it does not modify browsers to promote the fake search engine dmiredindee.com.

Browser Hijackers are Notorious for Having Intrusive Capabilities

Typically, browser hijackers assume control of web browsers by setting the promoted website as their homepage, default search engine, and new tab. However, Ring operates differently and does not make these modifications to browsers.

When the installer containing the Ring extension is executed, the extension becomes active while the script is running in the background. Moreover, if the Chrome browser is closed and reopened, Ring may disappear and reappear.

It is worth noting that if the Chrome extensions list is opened before launching the installer, Ring will be visible in the list. However, if this is not the case, the browser hijacker will prevent access to the list altogether.

Ring causes the affected browser to redirect to the dmiredindee.com illegitimate search engine, which ultimately leads to Bing (bing.com). Fake search engines like dmiredindee.com typically redirect to legitimate ones because they are usually unable to generate search results on their own. However, the destination of the redirects may vary based on factors such as the user's location.

It is possible to remove Ring by ending the script's process named Windows PowerShell through the Windows Task Manager. Restarting the operating system will also terminate the script, removing Ring from the system.

It is important to mention that browser-hijacking software typically has data-tracking capabilities that can be used to collect sensitive information such as browsing and search engine histories, IP addresses, internet cookies, log-in credentials, personally identifiable details, and credit card numbers. This information can be shared with or sold to third parties, including cybercriminals.

PUPs (Potentially Unwanted Programs) and Browser Hijackers Rarely are Installed Intentionally

PUPs and browser hijackers are unwanted software programs that could lead to security or privacy issues. They are often distributed using deceptive tactics to trick users into installing them.

One of the most common distribution tactics used to spread PUPs and browser hijackers is software bundling. This tactic involves bundling the unwanted program with legitimate software, so when the user downloads and installs the intended program, the PUP or hijacker is also installed without the user's knowledge.

Email attachments can also be used to distribute PUPs and browser hijackers. In this method, the user receives an email with an attachment that, when opened, installs the unwanted program.

Fake software updates are another distribution tactic used to spread PUPs and browser hijackers. In this method, the user is prompted to download and install a software update, which is actually the unwanted program in disguise.

Social engineering and phishing are also tactics used to distribute PUPs and browser hijackers. Social engineering involves tricking the user into performing an action that they wouldn't otherwise do, such as downloading and installing the unwanted program. Phishing involves tricking the user into divulging sensitive information or installing malware, which can also lead to the installation of unwanted programs.