Happyquokka.xyz

Happyquokka.xyz is the address of a fake search engine. Users are highly unlikely to rely on such engines for their search results willingly. That is why these dubious engines are being promoted through the use of intrusive browser hijacker applications predominantly.  Happyquokka.xyz is not an exception, as infosec researchers observed that the fake engine is associated with a browser hijacker PUP (Potentially Unwanted Program) named Tool.

In the vast majority of cases, the browser hijacker will set its promoted address as the homepage, new tab page, and the default search engine of the affected Web browser. This way it ensures the artificial traffic towards the page will be generated every time the browser is launched, a new tab is opened, or a search is conducted via the URL bar. However, the Tool browser hijacker operates in a different manner.

This particular PUP targets the Google Chrome browser, and modifies its shortcut to load the Tool extension by appending the '--load-extension="C:\Users\username\AppData\Roaming\System\random_filename' string to the shortcut's target field. The browser hijacker will then limit that the actions the users can take. Tool will prevent users from accessing Chrome's extensions list at chrome://extensions/ and instead it loads a fake list from chrome-extension://[user's_ID]/extensions.html. Furthermore, it will also abuse the legitimate 'Managed by your organization' Chrome feature to protect the changes it has made to the Web browser.

Users also should keep in mind that most PUPs are capable of tracking their browsing activities. The intrusive applications could siphon the entire browsing history, all conducted searches, clicked URLs, IP address, ISP, browser type, geolocation and more. The acquired data will most likely be uploaded to a remote server under the control of the PUP's operators.