How to remove browser hijacker on Mac in Chrome & Safari

If you suddenly notice unusual or unexpected activity while you’re on the internet, such as web pages taking an eternity to load, an abundance of pop-up ads, or searches going to the wrong websites, your browser might have been hijacked. Here, I will explain how to spot, prevent, and remove browser hijackers. If you're on an iPhone, install Clario Anti Spy right away and run a Device system check to identify vulnerabilities in the system software

Get Clario

Get it for iOS, Android

Table of contents

What is browser hijacking?

Browser hijacking happens when malicious software (called hijackware) changes the settings of your internet browser without your permission. Hijackware can cause a lot of damage, like crashing your browser, holding your device hostage with ransomware, installing spyware, or replacing your homepage with a malicious website.

You can also distinguish browser hijacking from other common cyber threats:

Threat type	What it does	Primary goal
Browser hijacker	Changes homepage, default search engine, or browser settings to redirect traffic	Ad revenue, traffic manipulation, or phishing exposure
Adware	Injects excessive ads and tracking scripts into websites or apps	Advertising revenue and user profiling
Spyware	Secretly monitors activity and collects sensitive information	Data theft and surveillance
Ransomware	Locks files or devices and demands payment for restoration	Financial extortion

Expert note

Browser hijacking is when software or a malicious extension changes your browser’s key settings without permission—such as your homepage, default search engine, new tab page, or DNS-related routing. The goal is usually to redirect you to unsafe sites, force ads, track activity, or push scams. In some cases, hijacking is a gateway to spyware, credential theft, or ransomware.

You can accidentally infect your computer with hijackware from an infected website, file-sharing platform or by downloading freeware, a browser extension, or email attachment.

Right now, you’re probably wondering why anyone would want to hijack your browser. Well, hijackers want to make money from your data and online activities. And some hackers attack browsers just for the fun of it. It helps them elevate their status within the hacking community.

Don’t get rattled, though, because we’ll help you fend off these attackers. But first, you must learn to spot the hijacking signs.

If you're using an iPhone and notice signs of browser hijacking, it could point to something serious, like a hidden jailbreak. Normally, iPhone browsers are hard to hijack because of iOS restrictions, which is why running a scan is a smart move.

Clario Anti Spy is an anti-spyware solution that can help with that. Its Device system check feature detects hidden jailbreaks and compromised versions of iOS that might let malicious apps hijack your device.

Here's how to run a Device system check with Clario Anti Spy:

Download Clario Anti Spy and subscribe to create an account.
Tap Scan under Device system check.
Follow the on-screen steps to address any security issues.
Tap the Message icon for 24/7 expert support if you need help.

These Clario Anti Spy app screenshots show how to run a Device system check if you notice a browser hijacker on our iPhone. — **Steps 1-3: Run a Device System Check to identify system software vulnerabilities.**

We recommend running an Anti-spy setup as well to tighten privacy settings related to web browsing, social media, and app permissions. Also, don't forget to activate the Data breach monitor to get alerts if your email and passwords end up in a data breach.

Signs your browser has been hijacked

In general, you can easily spot if your browser has been hijacked. Here are some telltale signs to watch out for:

Your homepage looks different
Your passwords won’t work
You see new favorites or unknown sites in your bookmarks bar or bookmark manager
Your browsing sessions become too sluggish
Your browser settings change back after you’ve made your own modifications
Your mouse starts moving on its own
Unusual pop-ups suddenly appear, asking you to buy something or visit particular pages
Your internet searches get redirected to sites you didn’t intend to visit, and the results make no sense. This is called DNS redirection, and means a hacker has control of your browser and can send you to websites of their choice

Note

DNS redirection can be caused by changes in the browser, the device network settings, or the router. If redirects affect multiple devices on the same Wi-Fi, check the router’s DNS settings as well.

You’re missing money in your online accounts. Hackers access private bank details and use them before you even realize you’ve been hijacked
You see your confidential information online. If your data turns up somewhere unexpected, you should immediately check to see if you’ve been hacked
You see scareware or ads saying your antivirus software is out of date and you need to purchase it again right away. In these cases, you’ll be redirected to a malicious website where hackers can access your credit card details
You fall victim to ransomware, and hijackers restrict access to your files unless you pay them money
New browser toolbars that you didn’t select start appearing in your browser

If you notice these signs but ignore them because you believe in the invincibility of Macs, we have some bad news. Although Macs are less vulnerable to malware than PCs, they’re still vulnerable, and browsers are frequently a point of entry for malware. We’ll show you how to get rid of browser hijackers on Chrome and Safari.

How to remove browser hijackers from Chrome

Do you see signs of infection in your Chrome browser? Then follow these quick and easy steps to remove browser hijackers:

Launch Chrome and type chrome://extensions in the address bar.
Look for any browser extensions you didn’t add.
If you see an extension you don’t recognize, click Remove.
Next, type chrome://settings in the address bar.
Click On startup.
Choose the page you’d like to see when launching the Chrome browser.
You can add a specific site as your Chrome startup page.
Click on Add a new page > enter the URL.
Go to the Search engine section.
Choose a default search engine.

Chrome browser showing the Extensions page after typing chrome://extensions in the address bar, displaying installed extensions list — **Step 1. Launch Chrome and type chrome://extensions in the address bar, then press Enter to open the Extensions page**

Chrome Extensions page displaying installed extensions list, highlighting how to identify unfamiliar or suspicious browser extensions — **Step 2. Review the list of installed extensions and look for any browser extensions you don’t recognize or remember installing**

Chrome Extensions page showing the Remove button for an unfamiliar browser extension being selected for deletion — **Step 3. If you find an extension you don’t recognize or didn’t intentionally install, click Remove, then confirm the removal when prompted**

Chrome browser showing chrome://settings typed in the address bar, opening the main Chrome Settings page — **Step 4. Next, type chrome://settings in the address bar and press Enter to open Chrome’s main settings page**

Chrome Settings page with the On startup section selected to manage the browser’s startup page settings — **Step 5. In the Chrome Settings menu, click On startup to review which page opens when you launch the browser**

Chrome On startup settings page showing options to set a specific homepage when launching the browser — **Step 6. Under On startup, select the option that lets you choose which page opens when Chrome launches, then set your preferred homepage**

Chrome On startup settings showing the Add a new page option being selected to set a custom homepage URL — **Step 7. Click Add a new page**

Chrome On startup settings dialog showing a homepage URL being entered into the Add a new page field before clicking Add — **Step 8. Enter the full URL of the website you want to use as your startup page, then click Add to save it**

Chrome Settings page with the Search engine section selected to manage default search engine preferences — **Step 9. In Chrome Settings, scroll down and click Search engine to review and manage your default search engine settings**

Chrome Settings page showing the default search engine dropdown menu being used to select a preferred search engine — **Step 10. Under the Search engine section, choose your preferred default search engine from the dropdown menu to prevent unwanted redirects**

Taking these steps will help keep your Chrome browser safe from hijackers!

How to remove browser hijackers on Mac Safari

Do you see signs of Safari browser hijacking? Here’s how to manually remove any hijackware:

From the Safari menu in the upper left corner of your screen, select Preferences or Settings.
Go to the Extensions tab.
Click Uninstall to remove any unknown extensions.
Next, navigate to the General tab.
Add your preferred startup page to the Homepage field.
Finally, go to the Search tab.
Select your preferred search engine.

Safari browser menu open in the upper-left corner of macOS screen with Settings or Preferences option selected — **Step 1. From the Safari menu in the upper-left corner of your screen, click Safari, then select Settings (or Preferences, depending on your macOS version)**

Safari Settings window open with the Extensions tab selected, displaying installed browser extensions — **Step 2. In the Settings (or Preferences) window, click the Extensions tab to view all installed Safari extensions**

Safari Extensions tab showing an unknown extension selected with the Uninstall button highlighted for removal — **Step 3. Select any extension you don’t recognize, then click Uninstall to remove it from Safari. Confirm the removal if prompted**

Safari Settings window with the General tab selected to manage homepage and startup preferences — **Step 4. Next, click the General tab in the Safari Settings (or Preferences) window to review your homepage and startup settings**

Safari General settings showing the Homepage field being edited to enter a preferred startup website address — **Step 5. In the General tab, enter your preferred website address in the Homepage field to restore your chosen startup page.**

Safari Settings window with the Search tab selected to manage default search engine preferences — **Step 6. Finally, click the Search tab in Safari Settings to review and adjust your default search engine**

Safari Search settings showing the default search engine dropdown menu with a preferred search engine selected — **Step 7. In the Search tab, select your preferred search engine from the dropdown menu to prevent unwanted redirects**

Voila! Enjoy your hijacker-free Safari. Now, how can you keep the hijackers at bay?

Common mistakes that let hijackers come back

Even after removing suspicious extensions, browser hijackers can return if related settings or system components are left unchanged. Many persistent hijackers rely on startup settings, background apps, or network-level changes to reinstall themselves automatically.

Removing an extension but not resetting the startup page and search engine
Forgetting to restart the browser (or the Mac) after changes
Leaving behind a related app that reinstalls the extension
Ignoring DNS/network settings when redirects keep happening

How to prevent browser hijacking

There are lots of ways to protect yourself against browser hijacking. We list some top tips below:

Use Google Safe Browsing. This Google service lets you browse online in a safe mode and alerts you if you happen upon a malicious site or network. Google crosschecks a vast list of phishing and malicious sites to protect you.

Note

In Chrome, Safe Browsing is built-in and can be strengthened by enabling Enhanced Protection in security settings. This increases warning coverage for suspicious downloads, extensions, and dangerous pages.

Never click attachments from unknown senders. Just as you might be suspicious of a large, anonymous package in the mail, don’t open an email if you don’t know who it’s from.
Make sure you use the latest versions of your browsers and operating system (OS). Browser hijackers look for vulnerabilities in your browsers and OS. One purpose of updates is to fix vulnerabilities. By making sure browsers and OS are up-to-date, you prevent hijackers from exploiting these vulnerabilities.
Only download trusted software or attachments. Always take the time to read the small print.
Use an alternate DNS resolution provider to stop DNS hijackers from redirecting you to pages you don’t intend to visit.

Conclusion

Browser hijacking leaves you open to different forms of browser manipulation and fraud. It’s increasingly an online threat and, if left unchecked, can expose your confidential personal data and cost you money. But you can’t protect yourself against it. To protect your Chrome or Safari browser from hijackers, practice digital hygiene, like updating your browsers regularly. On iPhone, Clario Anti Spy provides strong all-around security by helping you fix vulnerabilities that could be exploited to spy on you

By Olga Sushko

Updated: Feb 22, 2026

18 min read

Updated: Feb 22, 2026

18 min read

Privacy and cybersecurity advocate. Mac lover with a passion for copywriting.