Searchencrypt.com
Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Metric | Value |
| --- | --- |
| Ranking | 154 |
| Threat Level | 10 % (Normal) |
| Infected Computers | 321,186 |
| First Seen | August 11, 2017 |
| Last Seen | September 21, 2023 |
| OS(es) Affected | Windows |
Searchencrypt.com is a domain associated with an ad-supported program developed by Polarity Technologies Ltd, a marketing company. The Searchencrypt.com Web portal is used in conjunction with a browser extension for Google Chrome that you can install from hxxps://ext.searchencrypt[.]com. Searchencrypt.com offers a search engine that advertises itself as a secure and privacy-oriented alternative. According to its own description, Searchencrypt miraculously "detects" searches that "may be tracked and tied to your personal information" and allegedly encrypts those, then runs them through its own search engine. This sounds like a great feature in theory. However, in practice, it's more of a nuisance than anything else.
Searchencrypt is also offered as a Chrome extension that can be downloaded from both the official website and the Chrome web store. Despite the large number of users that the Chrome store widget reports, Searchencrypt's extension is largely a browser hijacker, which at least doesn't try to hide its nature and mode of operation. On the About page of the website, it clearly says that "Search Encrypt is supported by sponsored ads featured on our search results page".
The moment you install Searchencrypt's browser extension in Chrome, even your default Google dot com page gets injected with Searchencrypt's widget and you get a warning about it.
The official site for the extension is https://choosetoencrypt.com, and it features the name 'Search Encrypt - A Private Search Engine.' You can find the 'Search Encrypt - A Private Search Engine' at:
hxxps://chrome.google[.]com/webstore/detail/search-encrypt-a-private/dhabgbbbhdnpmagkfhjokfaobibmfipp
You may find a clone of 'Search Encrypt - A Private Search Engine' called 'Search Encrypt' at hxxps://chrome.google[.]com/webstore/detail/search-encrypt/gnlabkgljnlaidbnocfhgdeajcgmahml that is published by the same company — Polarity Technologies Ltd. The same application was published at Searchencrypt.navigateto.net, but it did not manage to encrypt the user's search terms. The newer version called 'Search Encrypt - A Private Search Engine' appears to address this issue. Not only that, the news section at Choosetoencrypt.com features an article that compares the service at Searchencrypt.com against DuckDuckGo.com favorably. All three applications mentioned so far require the following rights in Chrome:
- Read and change all your data on the websites you visit.
- Change your search settings to: searchencrypt.com.
- Manage your apps, extensions and themes.
- Change your privacy-related settings.
PC users who are looking for an SSL-enabled search service may like what Searchencrypt.com has to offer. However, you will not find options to sort the results at hxxps://www.searchencrypt[.]com/search?eq=[encrypted search terms]. Additionally, the map services are provided by Openstreetmap.org, and video results are provided by Yahoo. Images and text resources are provided through Searchencrypt.com's crawlers. You should note that the 'Search Encrypt - A Private Search Engine' extension is designed to delete your browser history every fifteen minutes you spend online. It is possible the extension may delete links you intended to keep.
Polarity is known to collect data like your search terms, Internet history and downloads log to help ad publishers deliver optimized advertisements on related pages. Although the extension may delete your Internet history and show encrypted search terms, the ad publishers associated with Polarity would have access to raw data. The 'Search Encrypt - A Private Search Engine' extension is deemed a Potentially Unwanted Program (PUP); you may want to remove it and restore the default privacy settings in your Web browser.
Search results may vary, greatly!
The browser's default search engine is replaced as well. The issue is that in addition to any encryption of your search queries that the hijacker may do, it also returns largely useless results and injects every results page with a load of ads and sponsored content.
As an example, sending a search through Searchencrypt's engine, using actor Gregory Peck's name as the query, returns some really strange results. The top result is an advertisement that redirects to a website that sells sunglasses. The second result is a link to an online bookshop. Third comes an eBay link. The fourth result is a link to TruthFinder - a site altogether unrelated to Gregory Peck and obviously more sponsored content that is forced upon the user.
After those comes another large chunk of injected advertisements, this time with images, that offer users the chance to buy a "Gregory stool" for nearly $280, among others. Only after two full screens of forcibly injected, largely unrelated or sponsored content come the links to the Wikipedia article on the actor and his Internet Movie Database profile page. The Wikipedia and IMDb links are the first two hits that would show up in a regular Google search using the same query, which means Searchencrypt injected over 10 advertisements and sponsored links before showing its users the actual top relevance matches for their search.
The issue is not just injected ads but also low-relevance content being shown near the top of the results page, far higher than the results in a regular Google search. For example, searching for "Witcher 3" - a 2015 video game, shows a link to a popular adult video website higher than the largest digital game store that sells the actual game - decidedly abnormal behavior when it comes to ordering search results according to relevance.
This is classic browser hijacker behavior on every level. Thankfully, Searchencrypt doesn't have any nasty persistence mechanisms and its removal from the system is quite straightforward. Simply opening Chrome's "Extensions" page (Menu button -> More Tools -> Extensions) allows users to hit the Remove button under the extension and the browser should be restored to its normal functionality.
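To check a profile for the extensions named above before (or after) removing them, the following added example, which is not code from EnigmaSoft or from the extension itself, scans a Chrome `Extensions` directory for the two Web Store IDs quoted on this page and for manifests that request the same combination of rights. It assumes the usual `<id>/<version>/manifest.json` layout and that the listed prompts correspond to the manifest entries `<all_urls>`, `management`, `privacy` and `chrome_settings_overrides.search_provider`; the sample manifests and the two extra IDs are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# IDs copied from the two Chrome Web Store URLs quoted on this page.
FLAGGED_IDS = {"dhabgbbbhdnpmagkfhjokfaobibmfipp", "gnlabkgljnlaidbnocfhgdeajcgmahml"}


def audit_extensions(extensions_dir):
    """Scan <extensions_dir>/<id>/<version>/manifest.json and return findings."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        perms = {p for key in ("permissions", "host_permissions")
                 for p in (manifest.get(key) or []) if isinstance(p, str)}
        overrides = manifest.get("chrome_settings_overrides") or {}
        search_url = (overrides.get("search_provider") or {}).get("search_url")
        # Heuristic (assumption of this example): a search-engine override plus
        # "management" and "privacy" matches the rights listed on this page.
        hijack_like = bool(search_url) and {"management", "privacy"} <= perms
        if ext_id in FLAGGED_IDS or hijack_like:
            findings.append({"id": ext_id, "known_id": ext_id in FLAGGED_IDS,
                             "permissions": sorted(perms), "search_url": search_url})
    return findings


def build_sample_profile(root):
    """Write constructed manifests (not the real extensions' files) for a demo."""
    hijacker = {"permissions": ["<all_urls>", "management", "privacy"],
                "chrome_settings_overrides": {"search_provider": {
                    "search_url": "https://www.searchencrypt.com/search?eq={searchTerms}"}}}
    samples = {"dhabgbbbhdnpmagkfhjokfaobibmfipp": hijacker,
               "aaaabbbbccccddddeeeeffffgggghhhh": hijacker,  # constructed ID
               "ppppoooonnnnmmmmllllkkkkjjjjiiii": {"permissions": ["storage"]}}
    for ext_id, manifest in samples.items():
        target = Path(root) / ext_id / "1.0.0_0" / "manifest.json"
        target.parent.mkdir(parents=True)
        target.write_text(json.dumps(manifest), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        print(audit_extensions(tmp))
```

On Windows, the default Chrome profile keeps its extensions under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; pass that path to `audit_extensions` to check a real profile.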
URLs
Searchencrypt.com may call the following URLs:
- @search-encrypt
- https://www.searchencrypt.com/search?eq=R