Posted: May 20, 2013
Threat Metric
Threat Level: 9/10
Infected PCs 225 Description

[ is a web-hosted browser hijacker that is inserted into compromised (AKA, hacked) websites for the purpose of redirecting visitors to malicious sites. Although the same technique abused by, known as a Proxy Auto-Config attack, can be used for many purposes, specifically appears to be used for stealing currency and credentials from the accounts of Bitcoin users. malware experts particularly warn members of to be cautious about potential attacks, which are known to target members of that community specifically and redirect them to a fake Brazilian mirror of that site. doesn't need to be removed from your computer, but its PAC changes should be deleted by appropriate security software and solutions immediately. the Bitcoin Redirect You May Not Suspect uses one of the favorite tricks of Brazilian cyber-thieves: the Proxy Auto-Config or PAC attack, which enables your browser to redirect from any specified URL to a different website. The most popular implementation of this attack is to redirect PC users from major Brazilian bank sites to phishing sites that steal bank credentials, but has expanded that victimized territory to the realm of Bitcoins (a digital currency). After being inserted into various innocent – but perhaps less secure than would be advisable – websites, attempts to launch automatically through your browser. Once launched, changes your PAC settings to redirect you from, a major Bitcoin market site, to a fake mirror. The mirror's URL is almost identical, except for using a Brazilian domain suffix (.br).

Entering any information into this fake Mtgox site will allow criminals to gain access to that info, which is exploited for the purpose of hijacking your Bitcoin wallet and stealing the currency that's stored within it. However, malware researchers must warn that and similar PC threats also can be used, with very minor changes, to redirect you from other websites and towards different kinds of malicious sites.

Because's PAC attack is URL-specific, your ability to browse any unrelated sites shouldn't be impeded. However,'s attack affects baseline settings that function in all types of browsers (no matter what their settings might be).

Steering Your Browser Away from's Exit Route to Poverty

As might be surmised from its name, uses JavaScript to launch and attack your PC, and browsers with JavaScript (disabled by default) are notably less endangered by such browser-redirecting attacks than unprotected browsers. However, because Trojans like often are enabled by exploit kits that can search through multiple types of appropriate vulnerabilities, malware experts also recommend that you keep your browser protected by anti-malware products with the ability to block website-based PC threats. doesn't install itself onto your computer, but the PAC changes creates do need to be removed. Of course, malware researchers also note that a great deal of the onus belongs to website administrators to maintain the security of their sites and remove from their website code as soon as possible.e:aliases]

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Trojans

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.