Searchencrypt.com

Threat Scorecard

Ranking: 154
Threat Level: 10 % (Normal)
Infected Computers: 321,186
First Seen: August 11, 2017
Last Seen: September 21, 2023
OS(es) Affected: Windows

Searchencrypt.com is a domain that is associated with an ad-supported program developed by Polarity Technologies Ltd that is a marketing company. The Searchencrypt.com Web portal is used in conjunction with a browser extension for Google Chrome that you can install from hxxps://ext.searchencrypt[.]com. Searchencrypt.com offers a search engine that advertises itself as a secure and privacy-oriented alternative. According to its own description, Searchencrypt miraculously "detects" searches that "may be tracked and tied to your personal information" and allegedly encrypts those, then runs them through its own search engine. This sounds like a great feature in theory. However, in practice, it's more of a nuisance than anything else.

Searchencrypt is also offered as a Chrome extension that can be downloaded from both the official website and the Chrome web store. Despite the large number of users that the Chrome store widget reports, Searchencrypt's extension is largely a browser hijacker, which at least doesn't try to hide its nature and mode of operation. On the About page of the website, it clearly says that "Search Encrypt is supported by sponsored ads featured on our search results page".

The moment you install Searchencrypt's browser extension in Chrome, even your default Google dot com page gets injected with Searchencrypt's widget and you get a warning about it.

searchencrypt-browser-hijacker

The official site for the extension is https://choosetoencrypt.com, and it features the name 'Search Encrypt - A Private Search Engine.' You can find the 'Search Encrypt - A Private Search Engine' at:

hxxps://chrome.google[.]com/webstore/detail/search-encrypt-a-private/dhabgbbbhdnpmagkfhjokfaobibmfipp

You may find a clone of 'Search Encrypt - A Private Search Engine' called 'Search Encrypt' at hxxps://chrome.google[.]com/webstore/detail/search-encrypt/gnlabkgljnlaidbnocfhgdeajcgmahml that is published by the same company — Polarity Technologies Ltd. The same application was published at Searchencrypt.navigateto.net, but it did not manage to encrypt the user's search terms. The newer version called 'Search Encrypt - A Private Search Engine' appears to address this issue. Not only that, the news section at Choosetoencrypt.com features an article that compares the service at Searchencrypt.com against DuckDuckGo.com favorably. All three applications mentioned so far require the following rights in Chrome:

  • Read and change all your data on the websites you visit.
  • Change your search settings to: searchencrypt.com.
  • Manage your apps, extensions and themes.
  • Change your privacy-related settings.

PC users that are looking for an SSL-enabled search service may like what Searchencrypt.com has to offer. However, you will not find options to sort the results at hxxps://www.searchencrypt[.]com/search?eq=[encrypted search terms]. Additionally, the map services are provided by Openstreetmap.org, and video results are provided by Yahoo. Images and text resources are provided through Searchencrypt.com's crawlers. You should note that the 'Search Encrypt - A Private Search Engine' extension is designed to delete your browser history every fifteen minutes you spent online. It is possible the extension may delete links you intended to keep.

Polarity is known to collect data like your search terms, Internet history and downloads log to help ad publishers deliver optimized advertisements on related pages. Although, the extension may delete your Internet history and show encrypted search terms the ad publishers associated with Polarity would have access to raw data. The 'Search Encrypt - A Private Search Engine' extension is deemed as a Potentially Unwanted Program (PUP) that you may want to remove and restore the default privacy settings in your Web browser.

Search results may vary, greatly!

The browser's default search engine is replaced as well. The issue is that in addition to any encryption of your search queries that the hijacker may do, it also returns largely useless results and injects every results page with a load of ads and sponsored content.

As an example, sending a search through Searchencrypt's engine, using actor Gregory Peck's name as the query, you get some really strange results. The top result is an advertisement and redirects to a website that sells sunglasses. The second result is a link to an online bookshop. In third comes an Ebay link. The fourth result is a link to TruthFinder - a site altogether unrelated to Gregory Peck and obviously more sponsored content that is forced upon the user.

searchencrypt-search-results-missleading

After those come another large chunk of injected advertisements, this time with images, that offer users the chance to buy a "Gregory stool" for nearly $280, among others. Only after two full screens of forcibly injected, largely unrelated or sponsored content, come the links to the Wikipedia article on the actor and his Internet Movie Database profile page. The Wikipedia and IMDb links are the first two hits that would show up in a regular Google search using the same query, which means Searchencrypt injected over 10 advertisements and sponsored links before showing its users the actual top relevance matches for their search.

The issue is not just injected ads but also low-relevance content being shown near the top of the results page, far higher than the results in a regular Google search. For example, searching for "Witcher 3" - a 2015 video game, shows a link to a popular adult video website higher than the largest digital game store that sells the actual game - decidedly abnormal behavior when it comes to ordering search results according to relevance.

This is classic browser hijacker behavior on every level. Thankfully, Searchencrypt doesn't have any nasty persistence mechanisms and its removal from the system is quite straightforward. Simply opening Chrome's "Extensions" page (Menu button -> More Tools -> Extensions) allows users to hit the Remove button under the extension and the browser should be restored to its normal functionality.

URLs

Searchencrypt.com may call the following URLs:

"@search-encrypt\"
https://www.searchencrypt.com/search?eq=R

17 Comments

HOW DO I GET RID OF THIS

How do i get rid of this?

delete seach encrypt

i hate search encrypt Reply

i hate this it opens up a new tab no matter what i do and is very anoying and needs to die in a hole that is lit on fire

i dont want search encrypt

search encrypt SUCKS, I hate it. how do I get rid of it?

i need to delete search encrypt its sending me around the bend

This is horrible. I need to get rid of this. How?

skylar miller-melillo Reply

Search encrypt should be deleted!!! Worst computer virus ever!!! It is annoying the crap out of me and is pissing me off!!! I have never had a problem with my cromebook and suddenly this "search enscrypt" SH*T comes up and ruined my day

Just get search encrypt off my computer. Why do you make changes that we do not want

hey i m tring to stop it but it donst let me

Edward collins Reply

search encrypt is the worst thing it's like getting in a car crash.

get this off of my computer this is anyoing

this is the most irritating thing EVER!!!!

OMG! HOW CAN I GET RID OF THIS

how do I delete search encrypt on my computer for google??????

SpyHunter is able to automatically detect and remove Searchencrypt from your PC along with all of its associated components (browser add-ons/extensions).

Trending

Most Viewed

Loading...