Browser Hijackers: What They Are and How to Protect Yourself From Them

If your browser is acting strangely, you might be a malware victim

Is your web browser suddenly acting oddly, showing icons and toolbars you never installed, or taking you to websites you never wanted to visit? You could be a victim of a browser hijacker: Malware on your computer or smartphone that secretly changes and controls your web browser's settings in an attempt to obtain personal and sensitive information from you.

What is a Browser Hijacker?

A browser hijacker is software that installs itself onto your device without your knowledge. It can come in the form of a PUP (potentially unwanted program) that you don't even realize you are downloading when you install a computer program, or it can sneak into your system as a part of a larger computer virus obtained through an email attachment or some other means.

A conceptual illustration of a browser hijacker.
 Theresa Chiechi / Lifewire

Browser hijackers can attack any platform, including Android, Windows, or Apple, plus any type of web browser, including Chrome, Edge, Internet Explorer, Safari and more. The platform and browser attacked is dependent upon the hacker involved and the information that hacker is seeking.

How Does a Browser Hijacker Work?

This malware can work in many different ways. It can be as innocent as annoying adware, a typically benign program that installs an additional component with software that feeds advertising to your computer, often through pop-up ads or the installation of an obnoxious, unwanted toolbar in your browser.

It can be frightening, however, when it arrives in the form of spyware that attempts to track your movements, record your keystrokes, and steal your personal or financial information. Because of this second possibility, it's especially important that you treat any suspicious browser activity as a serious threat.

Regardless of the type, the goal of a browser hijacker to make your web browser perform actions that you never wanted it to do, including things like:

  • Secretly downloading software you never approved.
  • Sending your banking or other highly sensitive information to hackers.
  • Installing toolbars that, when used, take you to hacked websites that entice you to enter personal information.
  • Slowing your computer system by overtaking resources and using storage space.
  • Installing a new home page that is typically virus-ridden.
  • Overrunning a browser with numerous pop-up ads and persistent advertising.

If you're experiencing any of these issues or other suspicious activities involving your web browser, you should assume you have a browser hijacker on your system.

How to Protect Yourself From This Kind of Attack

There are several ways you can protect yourself from browser hijackers but the most effective approach is to be proactive and stay vigilant every time you use the internet. That can mean taking a variety of steps that work together to help you stay safe.

  1. Always use a strong antivirus program that can tackle a wide variety of threats, for example, and keep it updated since new hijackers are released daily. If you're not sure whether or not your antivirus is working, you can test it pretty easily.

  2. In your antivirus program, turn on the option to block potentially unwanted programs. Look for that option in your program's settings; this helps you spot and stop unwanted software from downloading when you're just trying to download a legitimate program.

  3. Never use freeware or shareware sites to download software. These sites are notorious for offering seemingly legitimate programs that often include Trojans and other malware, including those notorious PUPs.

  4. Avoid clicking email links or attachments unless you were expecting them from the sender. Use email services that automatically scan attachments for viruses to help you. Gmail, for example, offers an automatic scanning option.

    If you receive a link or attachment from someone you know but weren't expecting the email, contact that person first to be certain they weren't hacked and sending you a virus.

  5. Only use well-known websites that you can verify.  Browser hijackers can infect your computer through scam websites you might accidentally enter. Clicking on the 'wrong' link can lead to you downloading a program you never wanted or accessing torrent and other potentially dangerous sites.

I'm Already a Victim: How to Remove a Browser Hijacker

If you suspect you have already been hijacked, take the following steps.

  1. Run a check with your antivirus software and be sure your current program uses heuristic techniques and real-time updates. This check can sometimes take several hours to perform but these programs offer the most comprehensive approach to finding and removing browser hijackers. If your antivirus doesn't find anything and you still suspect you have a problem, continue to Step 2.

    Your hijacker might be brand-new, which could be why your antivirus didn't catch it. However, it's also possible your antivirus does not target browser hijackers. In that case, you need to look for a new antivirus program. There are many antivirus options for Windows, as well programs as for Mac and other Apple devices, and even some pretty strong antivirus programs for Android devices, too.

  2. Next, remove suspicious add-ons and extensions from your browser. The process varies a little for removing extensions from Safari and disabling extensions in Chrome. And in Chrome, you also have the option to use the Chrome Cleanup Tool.

  3. One method is to can clear your device of adware and spyware on your own. In some cases, you may have a persistent malware infection that causes the virus to keep coming back repeatedly. To deal with that, you can try removing the virus without using an antivirus application but, in most cases, both antivirus and anti-malware will be needed to remove these types of infections.

    If the problem is on a mobile device, you may need to try different techniques to remove the virus from Android or from iOS.

  4. If none of those steps solve the problem, you can use System Restore to return to an earlier point on your computer before you picked up the browser hijacker. Be sure to pick a time period where you know you definitely didn't already have the hijacker on your computer. 

System Restore removes everything from your computer during the timeframe you select. This approach is not for the faint-of-heart or newbie; be certain this is truly the only option left to try since you could lose important documents and files in the process.

One final word of caution: Always keep your operating system (OS) updated. It might be annoying but the updates are designed to close vulnerabilities on your computer and are very important to keeping your device secure against attacks.

Because hackers are continually finding new holes in programs and platforms, Zero Day vulnerabilities, exploits and attacks can unexpectedly pop up on your system at any time. Depending upon what's happening in the world, you might need updates for both your OS and a specific program that might have been hacked.