Being redirected to tatrck.com when selecting a site from suggestions
-
marinaz909 Opera last edited by@hubga Hello, thank you for letting us know that the issue does not reproduce on your side, and we appreciate your patience!
-
-
marau2022 last edited by
Hi guys,
I am having this issue too.
It appears to be a virus of some sort embedding itself within suggested links.
Not seeing any harmful effects so far, but concerned on what data it is reading.
To clarify, this is not an opera specific thing, but is affecting multiple browsers, including brave and chrome
-
marau2022 last edited by
It appears to originate from https://whjre.com/v2/click
The full url I was redirected through is https://whjre.com/v2/click-B4p4G-KzV5r-PDdND-29b15744?tl=1&sa=3CeljYTWLUoJI0WPmXAf3ROdBG5R5V&sa2=S98SlTGSNTqghh05&smc3=251654
Which appeared when i was trying to load a financial site I frequently use and is perfectly legitimate.
I have not installed any add-ons, and it started about a month ago, i first dismissed as a one off, but then realised it seems a little odd to be attaching itself to the suggested popups - it seems to use the pretence that a user will be lazy and click the first thing that appears when they type in a frequented site.
I have cleared cache, cookies, even done a complete wipe of the browser itself, I've signed out of opera and signed back in...
It still attaches itself within a few hours / days of use.
I'm reasonably technically minded on internet gibberish, but this is baffling me on how to resolve and I have resorted to manually blocking redirects to that domain. But it will presumably use another at some point and catch me out.
Happy to be emailed by developers for further info, love the browser and have never previously had an issue.
This is occurring on OperaGX for me, but I am aware of instances where this is a more broad browser issue. See: https://www.reddit.com/r/brave_browser/comments/1dd8g1v/issues_with_redirects_to_tatrackcom_in_brave/
In that thread, they are suggesting it is caused by a set of malware embedded extensions, but as I say, I have none, other than Opera default extensions which I would doubt are infected since I haven't updated them in the last month, in order to get any infected script.
It seems the extensions are adding a background.js script which runs and hijacks certain types of url's to forward them through a proxy.
