Browsers Gone Rouge: A Full List of Chromium Viruses

Kaley Dalbert Spenser
July 4, 2019

The term ‘Chromium malware’ is not describing the official version of the browser. It defines malicious browsers that use Open Source Chromium code. The developers of the official browser released their code publically under a freeware license which means, everyone is free to use it.

As a result, there are dozens of malicious browsers that self-install of user’s PC, steal data and put a strain on the system. The most popular ones are Tortuga, Yandex, WebDiscover, eFast, and others.

Dangers of Chromium-based malware

Browsers receive access to confidential information and can affect the functionality of the operating system on a deep level. Therefore, even simply having such a browser on your PC without ever using it, compromises your personal data.

The most common malicious activities

  • Tracking your online activity, keeping the records of visited websites and clicked ads; 
  • Built-in activity trackers used to target you with ads and pop-up banners;
  • High power consumption puts a strain on the system;
  • Push-notifications, update requests, and pop-up windows;
  • Suspicious built-in extensions that compromise your financial data.

Even if you don’t use the browser, it will keep bothering you with unexpected redirects. Some malware installs itself as a default browser – whenever someone sends to you a link via Skype, it will be opened in the malicious browser by default.

Common Chromium-based malicious browsers

Even though there are hundreds of malicious Chromium browsers out there, you are likely to face only several of these threats. We compiled the list of the most popular threats – this way, you’ll have your back fully covered.

eFast browser

This software works like a typical virus. After a silent self-installation, the tool automatically replaces Google Chrome with a purpose to demonstrate loads of advertising and redirect users to malicious links. The browser creates fake anchors that are not intended by the content publisher. Basically, the text looks like a never-ending sea of links – distinguishing the real ones from fakes is impossible.

This threat is difficult to remove and detect. It looks almost just like Chrome which makes the attack even harder to spot. However, if you keep using the browser, you’ll eventually pick up an even worse threat on one of those malicious links or ads.

Chromium (unofficial version)

Same as eFast, this tool targets the original Chrome browser. You will never notice that your regular Chome got substituted by malware. The scope is similar as well – the browser will attack you with loads of ads on any page. The typical signs of the attack are random redirects to ad-links and various pop-ups. To get rid of the treat, simply download a tool, designed to uninstall Chromium Windows 10. If you use earlier versions, use the older versions of uninstallation software.


It’s curious how a lot of malicious browsers start their advertising with the word ‘secure’. Tortuga browser is no exception. It positions itself as an ad-free, safe browser that treats your private data with respect. This, unfortunately, could not have been further from the truth. In reality, the tool generates thousands of advertising and places them on all visited pages as well as interrupts user’s activity with unsolicited redirects.


This browser represents a typical case of a potentially unwanted program (PUP) that copies Google Chrome in order to promote its own services. Unlike the original Google Chrome which is completely free, this browser requires users to pay with their time – to receive the right to access web pages, you have to watch a lot of ads and click on dozens of pop-ups.

The worst part is, it’s not just an advertising activity. Security experts detected that the majority of these links contain additional malware and are capable of self-installation. If you keep using this browser, you’ll get your PC seriously infected in no time.

Qword Browser

The browser masks itself to be your default browsing program. The only way to tell the difference is to spot the differences on the homepage – the browser will automatically redirect you to, as well as pop-ups, redirects, and fake anchor links.


Similarly to other programs of the list, Chedot masks itself to be Google Chrome. It’s also an ad-based malware – the user gets targeted by the dozens of pop-up and redirects simultaneously. This puts a huge strain on the system and causes the increase of page load time. If a page took less than a second to download in a normal version, in this program it’ll be 2-3 seconds.

BrowserAir virus

Yet another Google Chrome imposter. This one also claims to be ad-free and lightweight, and as usual, this proves to be yet another lie. In fact, you can remember this as a pattern – if the browser’s advertising puts a big emphasis on its safety and pleasant user experience, it might turn out to be shady. BrowserAir is no different from typical malware – same countless pop-ups and potentially dangerous redirects.


Among all browsers on the list, this one is definitely the most disturbing. At first, the attack is difficult to recognize because, just like the majority of similar Chromium-based services, this one masks itself to be Google Chrome. However, after trying to open a few pages, you’ll quickly understand that you are dealing with the malware – the number of ads is far from moderate.


Another ironic case of browser deception. Just like the majority of PUPs, this one promises to provide a clean user experience. It even compares itself with popular browsers like Google Chrome and Mozilla Firefox, claiming to go an extra mile when it comes to blocking ads. However, at the end of the day, the only scope of the tool is to push as many annoying ads as possible.


A Russian browser that infects itself into third-party software installation managers and disturbs users with unsolicited add-ons and redirects. Although the tool offers much less advertising than others and doesn’t mask its presence, it’s still affecting the operating system. The thing is, the browser works in the background mode and requires a lot of power. Even if you don’t use the program, it will remain active and keep putting a strain on your system.

A checklist to spotting a rogue browser

  • Monitor all software installation carefully to avoid unwanted additional installations;
  • Pay attention to small changes in functionality and interface of your browser;
  • Check starting pages – malicious browsers usually redirect users to their websites;
  • Excessive advertising is the first sign of a PUP;
  • Don’t believe loud claims about the safest and cleanest user experience – these are, actually, red flags for spotting malware;
  • Open your software manager and check how much power your browser is using. However, some malicious tools can use even less RAM than Google Chrome (original Chrome is also known to be quite consuming). Still, high values should definitely alert you.
  • Whenever you notice malicious redirects or a lot of links on the page, it indicates you are dealing with a hijacking browser.

Let’s wrap it up

Chromium-based malware is one of the most common online threats. Browsers serve as our proxies in all Internet activities, which means, no malicious browser should be taken lightly. The first rule is, of course, to never use a browser that you didn’t download – even if it seems to be comfortable.

Secondly, rush to delete a malicious program even if you never use it. Browsers can work in background mode and decrease the productivity of the entire system. For some threats, simple deletion does the job. Others require you to install uninstallation tool – those can be found on security forums.

Most importantly, pay attention to any changes in your online activities. If you notice an increased amount of ads and redirects, interpret this to be a red flag and examine the browser. To keep your PC and personal data safe, you need to be sure in your browser’s safety.

About the Author

Share this article