This post explains threats related to Proxy Auto Config PAC files and how to avoid malicious redirection manually or via Phrozensoft Auto Config Risk Protector.

Remove proxy settings, specifically PAC files In the "Network" system preferences, select the network adaptor being used and click the "Advanced" button down at the bottom of the window.

WPAD is a method used by Web browsers to locate a proxy configuration file called wpad.dat that is used to configure a Web browser’s proxy settings.

That’s because the attackers use a Tor .onion website to serve the proxy configuration file. The system’s proxy auto-config setting is then modified in the registry to point to the .onion address.

Instead of individually modifying configurations on each device connected to a network, WPAD locates a proxy configuration file and applies the configuration automatically.