Yontoo discontinues its infamous browser hijackers but returns with the new ones
Can you remember Groovorio, Splendor Search, Yontoo Pagerage and similar PUPs from Yontoo? These are the most known browser hijackers that showed up several years ago. Because of their aggressive activity and failure to leave the system when needed, they had been included in the data base of almost every anti-spyware program. However, time passes by, and the developers of such programs start looking for new strategies to fix their reputation. The most popular scenario is to discontinue the PUP and launch the new one.
It seems that Yontoo is another company that decided to choose this path. Several months ago, they returned with a new generation of browser hijackers where the most active ones are considered SearchNewWindow, Search Voyage, Tide Search. The least dangerous one should be called SearchNewWindow, which is not capable of changing the start page on the web browser. This hybrid browser hijacker only has permissions to read and change all the information on visited websites, communicate with other websites, change search settings and track user’s location.
However, PUPs that you should stay away from are Search Voyage and Tide Search. In addition to usual permissions, they are granted with an enlarged list of permissions that haven’t been seen in the previous versions of Yontoo hijackers. Once installed on the system, they can not only change your start page and the default search engine to nt.searchvoyage.com or nt.tidesearch.com. They can also read and change all information on your visited websites, track your computer’s location, communicate with other websites, etc.
An interesting fact discovered by security researchers is that these browser hijackers from Yontoo changed their focus from Mozilla Firefox to Google Chrome web browser. These changes were made as soon as Firefox started disabling browser extensions which cannot be verified. Ok, this shift can be explained. However, it is still unknown why Yontoo browser hijackers just stopped targeting Internet Explorer.