Also known as: Conduit malware, Conduit Search, Conduit Toolbar, Trovi, Trovi Search Protect, VSearch
Category: Malware
Type: Adware, browser hijacker
Platform: Windows, Mac
Variants: Win32/Conduit, OSX/Conduit.G, MacOS/Conduit.F
Damage potential: Modified browser settings, unwanted toolbars or extensions, search result manipulation, unauthorized data collection, data theft
Overview
Conduit is a browser hijacker that spreads by being bundled with other software. Once Conduit has infected your device, it can cause various issues, such as changing your browser settings, redirecting to unwanted sites, installing browser toolbars without consent, and modifying search results. While Conduit isn’t as prevalent as it used to be, learning about it can help you recognize similar threats.
Possible symptoms
The most common symptoms of Conduit malware are changed browser settings, such as your default search engine, homepage, or new tab page.
Other symptoms of a Conduit infection include:
- Seeing more unwanted ads, pop-ups, banners, and sponsored links.
- Browser redirects to unfamiliar search engines, sites, and landing pages.
- Experiencing sluggish browser performance (e.g., delays in loading websites).
- Additional toolbars on your browser that you didn’t intentionally install.
- A modified new tab page (e.g., with a different interface or content).
- Changed browser configuration and security settings.
- Seeing more ads in search results and less accurate content.
- Increased tracking activity (e.g., more ads based on recent search queries).
Sources of infection
Conduit can infect devices in many ways, but piggybacking on software or updates is the most common. Cybercriminals hide it as an additional component of legitimate or seemingly useful software, like a browser extension or media player. Users may unintentionally download it by agreeing to the terms and conditions or following confusingly worded installation steps.
Other ways Conduit may infect your device include:
- Fake or malicious websites. Cybercriminals may trick users into downloading Conduit by disguising it as a legitimate app on fake websites.
- Misleading ads and pop-ups. A user may unintentionally install Conduit on their device after clicking on a misleading or malicious ad.
- Email attachments. Malicious attachments in phishing emails could direct users to websites hosting Conduit.
- Drive-by downloads. Some compromised websites may automatically download and install Conduit when a user lands on them.
- Outdated software. Cybercriminals may exploit vulnerabilities in outdated software and browser plugins to deliver Conduit.
- Browser extensions. Hackers may spread Conduit by compromising popular extensions or disguising it as legitimate, popular software.
Protection
Conduit can infect your device in several ways, but the most common is through software bundles. To prevent Conduit infections, only download software and updates from official sources.
Here are other ways to protect yourself from Conduit:
- Be cautious during software installations. Pay close attention to what you’re installing and review bundled components. If Conduit is one of them, decline it.
- Keep software up to date. Regularly updating operating systems and web browsers makes them less vulnerable to infections.
- Use reputable security software. Choose reliable antivirus and anti-malware software with real-time protection to detect and prevent Conduit.
- Review your browser extensions. Regularly check your extensions and remove any that you don’t recognize.
- Use NordVPN’s Threat Protection Pro. This advanced feature blocks malicious sites and may help prevent drive-by downloads. Additionally, it scans your downloads for malware.
Removal
You’ll need specialized anti-malware software to remove Conduit. Because browser hijackers control your browser, downloading anti-malware or adware removal tools on the infected device can be difficult. You may need to download the tool’s installation package on another device and transfer it over. Once you have the right software, scan your device and follow the on-screen instructions to get rid of Conduit. Remember to reset your browser configurations when you’re done.