How to Identify a Browser Hijacker on Mac

Safari, Chrome or Firefox redirecting to strange search engines? Here is how to confirm a hijacker on macOS.

6 min read · Beginner friendly

Browser hijackers on Mac usually arrive bundled with a fake Flash update, a cracked app, or a misleading download from a search ad. They change your default search engine, install rogue extensions, and may add a Configuration Profile that locks the new homepage in place.

Symptoms worth checking

• Safari, Chrome or Firefox opens to a search page you did not choose
• Search results redirect through unfamiliar domains before reaching Google or Bing
• Pop-up ads appear even on sites that normally have none
• A new toolbar or extension appears that you did not install
• Your Mac shows 'Managed by your organization' in Chrome or a profile you did not add

Step 1: Audit Safari

1. Open Safari → menu bar → Settings (or ⌘ ,)
2. On the General tab, check the Homepage field
3. On Search, confirm the search engine is one you chose (Google, DuckDuckGo, Bing, Yahoo or Ecosia)
4. Open the Extensions tab and uncheck or remove anything unfamiliar
5. Open Websites → Notifications and remove sites pushing alerts

Step 2: Audit Chrome and Firefox

1. In Chrome: ⋮ menu → Settings → Search engine and On startup
2. If Chrome shows Managed by your organization at the bottom, a hijacker has installed a policy
3. Open Extensions (chrome://extensions) and remove anything you do not recognise
4. In Firefox: about:preferences → Home and Search; also about:addons

Step 3: Check for a malicious Configuration Profile

1. Open System Settings → General → Device Management (or Profiles on older macOS)
2. If you see any profile you did not knowingly install (especially anything mentioning AdminPrefs, Chromium, or a search keyword), select it
3. Click the − button to remove it and authenticate when prompted