QxSearch
QxSearch is a browser hijacker that redirects your searches to its website, which inserts sponsored advertisements. This pseudo-consensual advertising method can endanger your PC by exposing it to other threats, and malware experts recommend uninstalling all browser hijackers from your computer promptly. Typical anti-malware tools should experience no difficulties in removing QxSearch even though this threat hides some of its UI elements.
A Search Called by Many Other Names
Whether it's a file-locking Trojan like the Jigsaw Ransomware, spyware-for-hire like HawkEye or something else, the vendors of black-market software know the value of a distinctive-sounding brand. When one keeps changing its name, there usually is a good reason for that behavior, as one might tell with QxSearch. This browser hijacker takes advantage of a constantly-shifting series of disguises and disingenuous installation routines for gaining control over your search engine preferences.
Threat actors are distributing QxSearch as a Chrome-only extension, although the name it goes by changes with campaigns, to the point of being different daily. Malware analysts see little unexpected behavior from QxSearch, which redirects users from search engines like Google or Bing, for displaying advertisements. Despite its pedestrian payload, QxSearch uses somewhat worrying means of social engineering for installing itself.
QxSearch's Chrome application pages are circulating through third-party Web advertisements that imply that some portion of the site isn't loading due to a missing Flash dependency. The installation link also has a secondary disguise of a security-themed 'browse safely' button. Fortunately, the pages for most of these different extensions, such as Tres, Imsearch, or OiT, are recognizable due to their copy-pasted text descriptions. Malware experts recommend looking for these characteristic similarities instead of memorizing QxSearch's different names, due to the high frequency of new, variant brands.
When an Error is Just Things Going as Planned
A change in QxSearch's behavior as of August is the hijacker's generating a fake error message during the install routine. The error might be trying to keep users from realizing that the extension is active and functional, which QxSearch supports by removing the browser icon for itself. Malware experts have yet to see variants of QxSearch for other browsers, although similar threats for Firefox and other browsers, promoting sites like Moosjs.cn or Navig-gg.com, also exist in high numbers.
Although advertising profit is achievable by injecting sponsored content, QxSearch uses the different tactic of redirecting traffic to its custom site. This function can endanger users by exposing them to Exploit Kits, and other, drive-by-download threats, as well as further malvertising hoaxes. Users should avoid browsing QxSearch's domains (qxsearch.com and bigsrch.xyz) without suitable protection.
For removing QxSearch safely, Chrome users should close their browsers and perform a complete anti-malware scan with whatever brand of security solution they prefer. Wiping Chrome's cookies, the cache, and other temporary files is an optional but highly-recommended precaution.
A search hijacker lying about its name and whether it even installed itself isn't a new problem. Advertising isn't what it used to be – and anyone online needs to remember that, if they don't want to fasten themselves into a QxSearch 'search result.'
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.