Search Marquis Description
Search Marquis is a browser component that may disguise itself as a helpful tool that will enhance the browsing quality of popular browsers like Chrome and Safari. In fact, it is a shady browser extension that aims to alter the browser's setting without the user’s knowledge and consent. The main purpose of this Potentially Unwanted Program (PUP) is to sneak stealthily into Mac computers and generate revenue for its operators. This happens through a number of intermediate redirects through various dubious domains before displaying Bing.com results.
This Week In Malware Episode 36 Part 2: Why Your Web Browser is Redirecting to Search Marquis & and How to Stop It!
Once installed on a Mac computer, this browser hijacking tool starts to modify options in the user's browser. It sets www.searchmarquis.com as the default new tab page and default search engine, forcing users to open this website each time they launch their browser. All search terms entered into that fake search engine cause a series of redirects until a final landing page with Bing search results is displayed. The intermediate redirects through unrelated and potentially malicious pages generate fake visits, and earn money for Search Marquis' developers. Research shows that Search Marquis is closely related to another infamous browser hijacker named Searchbaron. That is why users whose devices have been infected with Search Marquis often experience redirects through the Searchbaron page as well. Other related domains include searchnewworld.com, api.lisumanagerine.club, searchsnow.com, mybrowser-search.com, search.surfharvest.xyz.
Users who have installed Search Marquis also report bogus pop-ups and messages, some of which may even try to trick the user into believing that their machine has been damaged or is experiencing performance issues. These pop-ups can be symptoms of other PUPs often installed in bundles alongside Search Marquis. Ultimately, the intention is to make the victim download and install the paid version of some rogue anti-malware program or purchase useless products of questionable quality. Typical for Search Marquis is, for example, the fake alert "Your computer is low on memory." which shows up shortly after startup and asks the user to close several apps to free up RAM. The appearance of this warning can also indicate that the computer is infected with a bogus cleaning utility called Mac Cleanup Pro, which is one of the PUPs known to spread with Search Marquis.
Search Marquis May Lead to Installation of Other Unwanted Add-Ons and Apps
Search Marquis can also install additional programs, toolbars, add-ons, and extensions that allow the attackers to track the devices' online traffic and browsing history as well as to collect sensitive user data.
Tools like Search Marquis often get on computers as part of third-party application bundles for Mac. That is why you should always look for the official websites of any app you wish to download or go directly to the official App Store. Another distribution method is through banners and pop-ups on the Internet containing malicious links. Unprotected software downloading networks are also a well-known source of browser hijackers.
Just like on Windows PCs, when bad actors or sneaky developers attempt to peddle unwanted apps for Mac, they often do so through Flash Player update prompts. Search Marquis and other bundled apps can also be installed as additional software in Flash Player Updater. The Flash Player Install prompt, as shown in the image below, is a common method to get computer users to install potentially unwanted apps. It may be best to avoid freeware bundles as a whole. If, however, a user chooses to install a bundle, they should always check the "advanced" or "custom" installations for PUPs like Search Marquis. Again, the fact that Search Marquis affects Mac computers is more evidence of Macs not being immune to unwanted apps, browser hijackers, or borderline malware attacks and threats.
What some Mac users may notice in the Flash Player install prompt is that it attempts to get the user to install additional applications, such as SearchItNow and MacCleanup Pro, which we have identified as potentially unwanted programs. Such applications may promote abilities to fix Mac computer issues or clean up unwanted apps or components. In reality, they are questionable at best in performing such functions on a Mac system. The developers of these apps play this sneaky game so that when computer users install applications that come bundled with other potentially unwanted apps, the users may not pay attention and unknowingly install the PUPs.
Deception Is the Game of Search Marquis
Remember that no webpage can determine the health of your system. If you come across a site that makes the claims mentioned above, you should ignore its contents as it will likely try to trick you into installing dodgy software or subscribing to a fake technical support service.
Search Marquis may be difficult to remove in some cases as it drops many components in different locations. PUPs like this one also use various techniques to ensure their persistence and to prevent removal. One such technique is establishing a "Managed by your organization" status for the PUP, which would prevent attempts to uninstall the undesired browser extension. Furthermore, some added specific components to Google's database can result in Search Marquis coming back with all its malicious activity even after it has been removed.
It is advisable to use a powerful anti-malware suite to remove the Search Marquis application from your Mac. This PUP brings absolutely nothing of value to your browsing experience, just the opposite – it can only deteriorate your Mac computer's overall performance and put your privacy and identity at serious risk.
More Details on Search Marquis