dictionaryext.xyz

Short bio

The domain dictionaryext.xyz is blocked because it is a search hijacker that delivers a forced Firefox extension. This potentially unwanted program (PUP) is forced on users because they are unable to leave the site until they have installed the extension.

Malicious behavior

When users enter this domain, they are unable to close the tab unless they kill the Firefox process. The criminals behind dictionaryext.xyz keep users on the site through a series of login prompts and social engineering.

The site displays a login prompt.

The site keeps repeating this prompt.

The website claims you need to update Firefox.

If users don’t kill the process and install the extension, Malwarebytes detects it as PUP.Optional.ForcedInstalledExtensionFF. This family of extensions downloads additional code in the form of a json file from other domains. This can result in search hijacks, coin mining, and anything else the threat actor may come up with.

Protection

Malwarebytes blocks both the domain itself as well as the domains that are contacted for additional instructions.

Malwarebytes blocks any connection to this domain.

Malwarebytes blocks the connection to the domains that provide the code for the extension.

Exclusion

Should users wish to visit a blocked domain and exclude it from being blocked, they can add it to the exclusions list. Here’s how to do it.

The Exclusions tab includes a list of items to be excluded from scans. The items may include files, folders, websites, or applications that connect to the Internet, as well as previously detected exploits. To access the exclusions in Malwarebytes:

• Click on the Settings tab in the left pane.
• Click on the Exclusions tab.
• Click the Add Exclusion button.
• Select the exclusion type Exclude a Website and use the Next button to enter the Domain that you wish to visit.