‘eFast’ Malware Replaces Your Whole Browser to Add Adware

By Jonathan Zhou
Jonathan Zhou is a tech reporter who has written about drones, artificial intelligence, and space exploration.
October 19, 2015 Updated: December 8, 2015

The history of cyber-security, like that of warfare, is one of constant innovation on both offense and defense. Online adware and malware prevention has recently improved to such a degree that marketers and black hat hackers have been forced to climb up the software evolutionary tree.

A new piece of adware, eFast, attempts to hijack a user’s internet browsing by making itself look like Google Chrome once installed, for the purpose of serving up its own in-browser ads.

eFast sets itself as the default internet browser on a victim’s computer, and makes itself the default program associated with a number of file types, including html, jpg, and pdf, and with web links such as http and irc, according to the security blog Malwarebytes.
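
A defender's check for the association takeover described above, as an added example that is not from the article or from Malwarebytes: it lists which program the current Windows user has registered for those link and file types and marks handlers whose executable is not validly signed by an expected publisher. The publisher list and the function name `Get-HandlerInfo` are assumptions to adjust for your environment.

```powershell
# Added example: audit the current user's default handlers for the types
# the article lists (html, jpg, pdf, http, irc). Read-only; changes nothing.
$base = 'HKCU:\Software\Microsoft\Windows'
$urls = 'http', 'https', 'irc'
$exts = '.html', '.htm', '.jpg', '.pdf'
# Assumption: publishers you expect to own these handlers on your machines.
$expectedPublishers = 'Google LLC', 'Microsoft Corporation', 'Mozilla Corporation'

function Get-HandlerInfo([string]$Name, [string]$UserChoiceKey) {
    # UserChoice\ProgId records the user's chosen default for this type.
    $progId = (Get-ItemProperty -LiteralPath $UserChoiceKey -ErrorAction SilentlyContinue).ProgId
    $cmd = $null; $exe = $null; $signer = $null
    if ($progId) {
        # The ProgId's open command names the executable that gets launched.
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    }
    # Take the quoted path if present, otherwise the first token.
    if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(\S+)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
    }
    $known = $false
    foreach ($p in $expectedPublishers) {
        if ($signer -and $signer -like "*O=$p*") { $known = $true }
    }
    # Review is also true when no command resolves (for example, Store app
    # handlers), so treat it as "look at this", not as a verdict.
    [pscustomobject]@{
        Association = $Name; ProgId = $progId
        Executable  = $exe;  Signer = $signer; Review = -not $known
    }
}

$report  = foreach ($u in $urls) {
    Get-HandlerInfo $u "$base\Shell\Associations\UrlAssociations\$u\UserChoice"
}
$report += foreach ($e in $exts) {
    Get-HandlerInfo $e "$base\CurrentVersion\Explorer\FileExts\$e\UserChoice"
}
$report | Format-Table -AutoSize
```

One unfamiliar executable showing up as the handler for web links, images and PDFs at once is the pattern the Malwarebytes description would produce.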

“The installer for eFast also deletes all the shortcuts to Google Chrome on your taskbar and desktop, most likely hoping to confuse the user with their very similar icons,” reads the Malwarebytes post. The newly installed shortcuts look similar to Google Chrome’s and link to popular websites like YouTube and Facebook.

Not only does the icon look like Google Chrome’s, the browser itself does too, likely because it is built on the same source code, from the Chromium open-source project, that Chrome is based on.

The existence of eFast has been hailed by some in the IT security community as a sign of progress in adware prevention: existing countermeasures against intrusive adware worked so well that adware makers had to resort to making a separate browser to fool web users instead of installing their adware directly in users’ existing browsers.

“Major props to the Chrome team that it’s getting so hard to hijack Chrome that malware literally has to ‘replace it’ to effectively attack,” Swift on Security, an online InfoSec personality, posted on Twitter. 

According to PCrisk, an adware removal guide website, eFast originates from free software bundles which install assorted software without the user’s permission. Once installed, eFast overlays ads on existing webpages that lead to third-party e-commerce websites.

Unlike popular web browsers like Mozilla or Google Chrome, which have privacy policies that promise not to sell personally identifiable information (PII) to advertisers, eFast doesn’t appear to have a privacy policy, and PCrisk asserts that eFast sells information it harvests from its users to third-party companies.

However, in its “about” section, the eFast browser refers to “clara-labs.com,” a website that boasts of creating a “smart ad service.” The privacy policy on clara-labs claims that no PII is shared with third-party advertisers.

