Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want.
During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redirect users to the attacker’s own domain.
Once decoded, the behavior becomes a bit clearer:
The script first checks for the cookie clickund_expert, then verifies whether the browser is Chrome.