{"id":20620,"date":"2024-03-22T11:21:00","date_gmt":"2024-03-22T11:21:00","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=20620"},"modified":"2024-03-22T13:29:07","modified_gmt":"2024-03-22T13:29:07","slug":"dragon-angel-extension","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/dragon-angel-extension\/","title":{"rendered":"Dragon Angel Malicious Browser Extension"},"content":{"rendered":"<p>Dragon Angel is a browser extension that functions as a hijacker malware. <strong>It redirects users to promoted search engines<\/strong> or websites. These redirects ruin the process of browsing and can lead to irrelevant or potentially harmful content or malware distribution.<\/p>\n<h2>Dragon Angel Overview<\/h2>\n<p><strong>Dragon Angel is a malicious browser<\/strong> extension that can appear in Chrome browsers. It usually appears as a result <a href=\"https:\/\/gridinsoft.com\/adware\">of adware activity<\/a> on the system. For example, unwanted programs like Chromstera or Chromnius after installation can offer this extension to the main browser. 
Users complain about it continuously appearing unless the source of the problem \u2013 the malignant browser \u2013 is removed.<\/p>\n<figure id=\"attachment_20645\" aria-describedby=\"caption-attachment-20645\" style=\"width: 790px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/dragon-angel.webp\" alt=\"Dragon Angel screenshot\" width=\"790\" height=\"330\" class=\"size-full wp-image-20645\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/dragon-angel.webp 790w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/dragon-angel-300x125.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/dragon-angel-768x321.webp 768w\" sizes=\"auto, (max-width: 790px) 100vw, 790px\" \/><figcaption id=\"caption-attachment-20645\" class=\"wp-caption-text\">Dragon Angel browser plugin<\/figcaption><\/figure>\n<p>The purpose of such plugins <strong>is search query redirection<\/strong>. The fraudsters behind it force every single search request you make to go through their servers. They build a digital fingerprint of each victim and earn money by selling it to third parties. I\u2019ve done a comprehensive analysis of Dragon Angel, <strong>and found a couple of really interesting details<\/strong> \u2013 so read on.<\/p>\n<h2>Dragon Angel Detailed Analysis<\/h2>\n<p>Dragon Angel appears on your device due to the activity of unwanted software. It is often the result of <a href=\"https:\/\/gridinsoft.com\/unwanted-program\">potentially unwanted software<\/a> that comes <strong>bundled with freeware or software cracks<\/strong>. Although most installers allow you to cancel installing additional software, unscrupulous developers may remove this option.<\/p>\n<h3>Search Redirects<\/h3>\n<p>Once installed, the extension changes the homepage and some browser settings. 
It also <strong>forcibly redirects all search queries<\/strong> through the Dragonboss search engine. The query eventually ends up on a legitimate search engine page, usually Yahoo or Bing, but during these redirections the intermediate search engine collects information about your request. Also, the search results after such a multi-step operation are different from what you would get after a direct request to the search systems.<\/p>\n<figure id=\"attachment_20664\" aria-describedby=\"caption-attachment-20664\" style=\"width: 760px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/Dragon-Angel-Ad-1.webp\" alt=\"Malicious ad screenshot\" width=\"760\" height=\"542\" class=\"size-full wp-image-20664\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/Dragon-Angel-Ad-1.webp 760w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/Dragon-Angel-Ad-1-300x214.webp 300w\" sizes=\"auto, (max-width: 760px) 100vw, 760px\" \/><figcaption id=\"caption-attachment-20664\" class=\"wp-caption-text\">Another malicious extension that Dragon Angel promotes in its redirections<\/figcaption><\/figure>\n<p>This means that victims will see promotions instead of relevant search results. These promos <strong>mostly contain sponsored websites<\/strong> \u2013 gambling, adult sites or marketplaces that paid for the ads. At the same time, this advertising can lead to phishing websites or malware download pages.<\/p>\n<h3>Difficulties With Removal<\/h3>\n<p>The biggest problem for the average user is that Dragon Angel uses self-defense measures. After installation, <strong>the malware modifies registry settings<\/strong> to disable the ability to remove extensions from the browser or change homepage settings. 
This eventually leads to the infamous \u201cManaged by Your Organization\u201d error in Chrome, and a complete inability to remove the extension.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/managed-by-org-malware.png\" alt=\"\" width=\"582\" height=\"218\" class=\"aligncenter size-full wp-image-20675\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/managed-by-org-malware.png 582w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/managed-by-org-malware-300x112.png 300w\" sizes=\"auto, (max-width: 582px) 100vw, 582px\" \/><\/p>\n<p><a href=\"https:\/\/www.reddit.com\/r\/chrome\/comments\/1be3420\/dragon_honey_google_extensions_problem\/\" rel=\"noopener noreferrer nofollow\" target=\"_blank\">According to the feedback<\/a> from users who have encountered this plugin, the severity of this problem <strong>forces users to reset their PCs<\/strong>. This is the ultimate solution, but it will result in data loss, and feels like hunting sparrows with a tank gun. Fortunately, I have a solution to that problem without data loss. We will discuss it next.<\/p>\n<h3>Not by Dragon Angel Alone<\/h3>\n<p>During the analysis, I found other extensions from this &#8220;developer&#8221; called <strong>Dragon Honey and Dragon Search<\/strong>. All of them share the same logo, and the same purpose \u2013 redirecting user queries through their own search engine. However, this is not the last finding of my research.<\/p>\n<p>The exact same &#8220;developer&#8221; has another project <a href=\"https:\/\/gridinsoft.com\/online-virus-scanner\/url\/chromnius-com\">called Chromnius Browser<\/a>. It is a browser based on the Chromium core, obviously, and does not feature any remarkable qualities. Promotions say that Chromnius is a Web browser that provides better security while browsing online by blocking pop-ups and tracker cookies. 
A closer analysis, though, <strong>clearly shows that Chromnius is just another piece of adware<\/strong> that tries to look like a web browser. It can infect other browsers, send pop-up notifications without user consent and redirect search queries.<\/p>\n<h2>How To Remove Dragon Honey<\/h2>\n<p>First, I strongly recommend scanning your device for malware. This will neutralize <strong>software that modifies system settings<\/strong>. To do this, <a href=\"https:\/\/gridinsoft.com\/antimalware\">download GridinSoft Anti-Malware<\/a> and run a full scan. This will find the malware that initiates browser manipulation. In addition, GridinSoft Anti-Malware allows you to <strong>reset your web browser settings entirely in one click<\/strong>. This is especially useful if previous methods have failed.<\/p>\n<p style=\"padding-top:15px;padding-bottom:15px;\"><a href=\"\/download\/antimalware\" rel=\"nofollow\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"\/blogs\/wp-content\/uploads\/2022\/07\/env01.webp\" alt=\"Dragon Angel Malicious Browser Extension\" width=\"798\" height=\"336\" class=\"aligncenter size-full\" title=\"\"><\/a><\/p>\n<p>Next, if you see this &#8220;Managed by your organisation&#8221; message when opening the browser menu in Google Chrome, there are two ways to remove Dragon Honey; we will look at them now. The first one is automatic and will work for most users. To regain control of the browser, you must <a href=\"https:\/\/support.google.com\/chrome\/thread\/247274720\/malware-in-my-extensions?hl=en\" rel=\"noopener noreferrer nofollow\" target=\"_blank\">follow these instructions<\/a> to download the file and run it as an administrator. This will remove <strong>the entry from the registry<\/strong> that prevents you from changing the browser settings.<\/p>\n<p>The second method does the same thing, only in manual mode. 
To do this, press <strong>Windows + R<\/strong> on your keyboard, type &#8220;<strong>regedit<\/strong>&#8221;, and select the OK button.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/run-regedit.webp\" alt=\"regedit\" width=\"456\" height=\"272\" class=\"aligncenter size-full wp-image-20659\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/run-regedit.webp 456w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/run-regedit-300x179.webp 300w\" sizes=\"auto, (max-width: 456px) 100vw, 456px\" \/><\/p>\n<p>Copy the following path, paste it into the address bar, and press <strong>Enter<\/strong>:<\/p>\n<p><code>Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Google\\Chrome<\/code><\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/regedic-chrome.webp\" alt=\"Chrome folder in the regedit\" width=\"1039\" height=\"461\" class=\"aligncenter size-full wp-image-20660\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/regedic-chrome.webp 1039w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/regedic-chrome-300x133.webp 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/regedic-chrome-1024x454.webp 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/regedic-chrome-768x341.webp 768w\" sizes=\"auto, (max-width: 1039px) 100vw, 1039px\" \/><\/p>\n<p>Select the <strong>Chrome<\/strong> key from the left pane of your Registry Editor. Right-click on the Chrome policy you want to remove and select Delete.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dragon Angel is a browser extension that functions as a hijacker malware. It redirects users to promoted search engines or websites. 
These redirects ruin the process of browsing and can lead to irrelevant or potentially harmful content or malware distribution. Dragon Angel Overview Dragon Angel is a malicious browser extension that can appear in Chrome [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":20681,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[17,4],"tags":[646,474],"class_list":{"0":"post-20620","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-labs","8":"category-tips-tricks","9":"tag-browser-hijacker","10":"tag-unwanted-programs"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/GS_Blog_banner_Dragon-Angel-Malicious-Browser-Extension.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=20620"}],"version-history":[{"count":24,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20620\/revisions"}],"predecessor-version":[{"id":20682,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20620\/revisions\/20682"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/20681"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=20620"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=20620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=20620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}