dictionaryext.xyz

Short bio

The domain dictionaryext.xyz is blocked because it is a search hijacker that delivers a forced Firefox extension. This potentially unwanted program (PUP) is forced on users because they are unable to leave the site until they have installed the extension.

Malicious behavior

When users enter this domain, they are unable to close the tab unless they kill the Firefox process. The criminals behind dictionaryext.xyz keep users on the site through a series of login prompts and social engineering.

login prompt

The site displays a login prompt.

javascript pompt

The site keeps repeating this prompt.

website

The website claims you need to update Firefox.

If users don’t kill the process and install the extension, Malwarebytes detects it as PUP.Optional.ForcedInstalledExtensionFF. This family of extensions downloads additional code in the form of a json file from other domains. This can result in search hijacks, coin mining, and anything else the threat actor may come up with.

Protection

Malwarebytes blocks both the domain itself as well as the domains that are contacted for additional instructions.

blocked domain

Malwarebytes blocks any connection to this domain.

block contacted domain

Malwarebytes blocks the connection to the domains that provide the code for the extension.

Exclusion

Should users wish to visit a blocked Domain and exclude it from being blocked, they can add it to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select Allow a website.
  • Select Add a URL and enter the domain that you wish to exclude.
  • Click on Done and the domain should appear in your Allow List.

Related blog content

New Chrome and Firefox extensions block their removal to hijack browsers

Forced into installing a Chrome extension

Select your language