The browser redirecting virus is out of control

1 point

2 years ago

So far, I have re-installed Windows 11, removed all possibly suspicious Chrome extensions, even deleted ALL browser data (history, cookies, cache and more) but still, this type redirecting just happened again!

I have had this type of redirecting virus since Feb and slowly documented all the URLs before I re-installed Windows, which was a couple weeks ago.

From my observation, the developer behind this is trying to "earn" affiliate commissions from brands like: Cloudways Panasonic BestBuy SquareSpace TaoBao ... and the list goes on.

Given the target site is bestbuy.com So far, it triggers the redirecting by: 1. searching a keyword "bestbuy" on Google and clicking the link in the SERP OR 2. clicking the link in the email message that contains links from bestbuy.com OR 3. directly visiting bestbuy.com

How it behaves: When the user attempts to visit bestbuy.com/*, it will first hijack it by redirecting to one of these sites: boxshoper.com findmeashop.com newshopland.com discounthero.org ...

a real-world example (do not click it!):

https://boxshoper.com/redirect/aHR0cHM6Ly90cmNrLm9uZS9yZWRpci9jbGlja0dhdGUucGhwP3U9dTY4RUg2MkgmcD1kNTdnNjE5czJEJm09MzEmdXJsPWh0dHBzJTNBJTJGJTJGcGxhdGZvcm0uY2xvdWR3YXlzLmNvbSUyRnRmYSUyRnZlcmlmeSUyRiZzPTliaGNxN2U1NmIwYWE%3D

Then, this middleman redirecting link will lead you to 3rd-party affiliate trackers e.g. shareasale-analytics.com

a real-world example (do not click it!):

https://www.shareasale-analytics.com/r.cfm?b=1080835&u=742098&m=75038&afftrack=3CeZuPFUDHBMKmxhWwVbDLboRcRY49M9LI6CEw2p176M0C&urllink=platform.cloudways.com%2Ftfa%2Fverify%2F&shrsl_analytics_sscid=71k8%5F5tyb3&shrsl_analytics_sstid=71k8%5F5tyb3

Who is behind this?!