During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redirect users to the attacker’s own domain.
Once decoded, the behavior becomes a bit more clear:
A check occurs for the cookie clickund_expert before the script verifies if the browser is Chrome.
Source: Scuri check