Jiffy Reader

A recent threat emerged when Jiffy Reader, once prized for speeding up reading via bionic highlighting, quietly transformed into malware. A change in ownership led to malicious updates—harvesting cookies, hijacking sessions, and even mining cryptocurrency while disguised as a benign browser tool.

---

Threat Overview

• Category: Browser Hijacker / Potentially Unwanted Application
• Target: Web browsers (Chrome, Firefox, Opera, Edge, etc.)
• Why it matters: With full-site permissions, it can access and misuse sensitive data, inject pop‑ups, alter settings, or run covert background tasks.

---

✅ Key Details Table

Field	Details
Threat type	Browser hijacker / PUA
Permissions	Full read/write on visited sites
Detection names	Jiffy Reader flagged as Trojan/Hijacker
Symptoms	Pop-ups, browser redirects, hidden background tasks
Damage	Stolen cookies/session tokens, data leak, CPU usage spikes (crypto mining)
Distribution method	Extension installed/updated via Web Store; malicious takeover post‑sale
Severity	High – due to data theft and persistence mechanisms
Removal Tool	SpyHunter (recommended)

---

In-Depth Analysis

🔍 Infection Vector

Users installed a legitimate bionic‑reading extension. After acquisition by unknown parties—possibly via a sold or compromised developer account—it received stealthy malicious updates.

🧩 Behavioral Profile

Once activated, the malware:

1. Stealthily stole browser cookies, session tokens, HTTP headers, and DOM data.
2. Ran disguised background processes with elevated privileges.
3. Possibly initiated unauthorized CPU/GPU usage for crypto mining.

🛡 Risk Assessment

• Data loss: stolen cookies/session tokens threaten account security.
• System impact: hidden processes may degrade performance or risk additional malware.
• Persistence: embedded across browser, file system, scheduled tasks, and registry—survives simple uninstall.

Manual Removal Guide for Browser Hijackers

Step 1: Uninstall Suspicious Programs (Windows & Mac)

Before resetting your browser, remove any software that may have installed the hijacker.

Windows (10, 11, 8, 7)

1. Press Win + R, type appwiz.cpl, and hit Enter.
2. Find Unwanted Applications
   • Look for recently installed programs that seem suspicious (e.g., “EasySearch,” “QuickFind,” “Search Manager”).
3. Uninstall
   • Click on the suspicious program > Select Uninstall > Follow on-screen instructions.

Mac (macOS Ventura, Monterey, Big Sur, Catalina, Mojave, etc.)

1. Open Finder and go to Applications.
2. Look for unknown or unwanted programs.
3. Drag any suspicious apps to the Trash and empty the Trash.

---

Step 2: Remove Browser Hijacker from Web Browsers

Google Chrome

1. Reset Chrome to Default Settings
   • Open Chrome > Click ⋮ Menu (top-right corner) > Settings.
   • Scroll down and select Reset settings > Click Restore settings to original defaults > Confirm.
2. Remove Suspicious Extensions
   • Open chrome://extensions/ and remove unknown extensions.
3. Change Default Search Engine & Homepage
   • Go to Settings > Search engine > Select Google or another trusted search engine.
   • Under On Startup, remove any unwanted URLs.

Mozilla Firefox

1. Reset Firefox
   • Click the Menu (☰) > Select Help > Click More Troubleshooting Information > Refresh Firefox.
2. Remove Unknown Extensions
   • Open Add-ons Manager (Ctrl + Shift + A) > Remove any suspicious extensions.
3. Change Search Engine & Homepage
   • Open Settings > Search > Choose Google or another safe search engine.

Microsoft Edge

1. Reset Edge
   • Click ⋮ Menu > Settings > Reset settings > Restore to default values.
2. Remove Unwanted Extensions
   • Open edge://extensions/ and remove any unfamiliar extensions.

Safari (Mac Only)

1. Reset Safari & Clear Data
   • Open Safari > Click Safari (top-left menu) > Select Clear History.
   • Go to Preferences > Privacy > Click Manage Website Data > Remove All.
2. Delete Suspicious Extensions
   • Open Safari > Preferences > Extensions > Remove anything unfamiliar.
3. Change Homepage & Search Engine
   • Open Preferences > General > Change your homepage to a trusted site.
   • In Search, set your search engine to Google or a preferred option.

---

Step 3: Check for Unauthorized System Changes

Windows – Check the Hosts File

1. Open Notepad as Administrator (Win + S, type Notepad, right-click, Run as Administrator).
2. Click File > Open and navigate to:makefileCopyEditC:\Windows\System32\drivers\etc\hosts
3. If you see unknown IPs or URLs at the bottom, remove them.
4. Save changes and restart your computer.

Mac – Check the Hosts File

1. Open Terminal (Command + Space, type Terminal).
2. Type:bashCopyEditsudo nano /etc/hosts
3. Look for suspicious entries and delete them.
4. Press Ctrl + X, then Y, then Enter to save.

---

Automatic Removal Using SpyHunter (Windows & Mac)

For those who prefer a quick, hassle-free removal process, using SpyHunter is highly recommended.

Step 1: Download SpyHunter

Click here to download SpyHunter: Download SpyHunter

Step 2: Install & Run SpyHunter

1. Follow the instructions on the SpyHunter Download Page to install the software.
2. Open SpyHunter and run a full system scan.

Step 3: Remove Browser Hijackers

1. SpyHunter will detect all malware and potentially unwanted programs.
2. Click Fix Threats to remove the detected hijacker.
3. Restart your device to complete the cleanup process.

Step 4: Reset Browser Settings (If Necessary)

Even after SpyHunter removes the hijacker, you may need to reset your browser settings manually (refer to browser-specific instructions above).

---

Preventing Future Browser Hijacker Infections

• Be cautious when installing free software – opt for Custom Installation to avoid bundled malware.
• Avoid clicking on suspicious ads or pop-ups – they often distribute browser hijackers.
• Keep your operating system and software updated – outdated programs are more vulnerable to infections.
• Use a trusted anti-malware tool like SpyHunter to provide real-time protection against threats.

---

Conclusion

Jiffy Reader morphed from a helpful reading aid into a stealthy hijacker. Its full-site permissions enabled deep data exploitation and persistent presence. Removing it swiftly using both manual and anti-malware methods (e.g., SpyHunter) is essential. Left unchecked, it poses ongoing risk to privacy and system performance.