NewTube Redirect Removal — How To Restore Your Browser

NewTube Redirect Removal — How To Restore Your Browser

The NewTube redirect is a recently discovered browser plugin that can be used for hijacker purposes. Interaction with it can hijack personal data belonging to the victims. Our in-depth article explores some of the dangers associated with its presence on infected hosts.

Threat Summary

TypeBrowser Hijacker, PUP
Short DescriptionThe hijacker redirect can alter the homepage, search engine and new tab on every browser application you have installed.
SymptomsThe homepage, new tab and search engine of all your browsers will be switched to NewTube. You will be redirected and could see sponsored content.
Distribution MethodFreeware Installations, Bundled Packages
Detection Tool See If Your System Has Been Affected by NewTube


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss NewTube.

NewTube – Distribution Methods

The NewTube redirect is distributed primarily through a browser hijacker (browser plugin). The security reports indicate that one of the primary methods is the distribution of the hijacker on the official plugin repositories. A common mechanism is that the developers make them available for the most popular web browsers: Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera and Safari. An elaborate description is posted that should convince the users into downloading it onto their computers.

The NewTube redirect can also be sent to the victims by email SPAM messages. They utilize social engineering tactics by sending attached copies or they are linked in the body contents. They are also the main mechanism for spreading infected payloads:

  • Infected Application Installers — The hackers can embed virus code into installers of popular applications. The list of target apps can range from system utilities to creativity suite and productivity apps.
  • Infected Documents — Using a similar approach the hackers can embed the virus code into files of different types: text documents, spreadsheets, databases and presentations. As soon as they are opened a notification prompt appears which asks the users to enable the built-in scripts (macros). When this is done the virus infection is triggered.

The hackers behind the NewTube redirect can spread the threat by creating counterfeit download portals that look like popular Internet services. The hackers may even use similar sounding domain names to further confuse the victims.

The threat can also be delivered through malicious scripts such as pop-ups,banners, ads, in-line links and etc.

NewTube – Detailed Description

The NewTube redirect is masked as an useful addition to the most popular web browsers. When the users install it their default home page will be changed to redirect to the site’s home page. Other settings that may be changed include the default search engine and default new tabs page. As the infections come from the browsers the hackers can also harvest all stored contents: cookies, history, bookmarks, settings, passwords etc.

Once the browser hijacker is installed it will request access to the following privileges:

  • Read and change all your data on the websites you visit.
  • Replace the page you see when opening a new tab.
  • Read and change your browsing history.
  • Read and change your bookmarks.
  • Detect your physical location.
  • Manage your apps, extensions and themes.

The main NewTube redirect malware engine can be used to execute various actions on the target computers. Depending on the exact configuration ordered by the criminals the engine can order changes to the Windows Registry. They can cause overall performance issues and certain functions may stop working.

Modifications to the boot options can make it impossible to enter into the recovery menu. It also institutes the NewTube redirect as a persistent threat by automatically launching it once the computer boots.

The redirect itself is advertised as a service that delivers personalized playlists featuring music that the users may like. The online service is made accessible via the browser plugin and allows the users to directly interact with the provided service engine.

It is very possible that this is merely a decoy that attempts to win the trust of the victims. At the same time these web services are notable for being used to deploy additional threats, spy on the victims or take over control of their machines at any given time.

NewTube – Privacy Policy

The NewTube redirect abides by the relevant privacy policy and terms of conditions. They read that sensitive data is harvested following the user’s consent. Example harvested includes the following:

  • Personal Data About The Users — Their name, address, location and telephone number.
  • Interests
  • Web Activity
  • Computer Interactions
  • Network Data
  • Hardware Information
  • Operating System Information

Remove NewTube Browser Hijacker

To remove NewTube manually from your computer, follow the step-by-step removal instructions given below. In case the manual removal does not get rid of the browser hijacker entirely, you should search for and remove any leftover items with an advanced anti-malware tool. Such software helps keep your computer secure in the future. We remind our readers that certain hijackers (most likely this one as well) are configured to harvest the information to a database shared with other similar threats.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share