Xlsearch.net

The Xlsearch.net site is offered to Web surfers as a search service, but it was mentioned in cases of browser hijacking in the second week of June 2017. The Xlsearch.net site is registered to the 54.214.50.188 IP address and appears to be connected to several gateways that we have added to our database of browser hijackers. Evidently, Xlsearch.net browser hijacker behaves a lot like those associated with Usearch.co.id and Searchiincognito.com, which are registered on the same IP address. The Xlsearch.net browser hijacker is aimed at users in Indonesia primarily, but users in other countries may be infected as well. The browser hijacker responsible for redirects to Xlsearch.net may be spread among PC users via means of software bundling, which is a common strategy in the cyber world.

Web surfers that are infected with the Xlsearch.net browser hijacker are presented with the site whenever they star an Internet session, open a new tab and attempt to enter keywords on other engines like Google, Bing and Yahoo. Some users have reported pop-up windows and banners that advertise applications for Android-powered devices. We have found that the Xlsearch.net site might include offers to install VoIP apps for Android that are corrupted clones of legitimate communication applications. If you start typing a keyword in the search field at Xlsearch.net your browser may load the following link:

h[tt]p://xlsearch[.]net/img/xlsearch.net/apk/CiceroSupra_1.7.4.1.apk

The link points to an APK file that is named 'CiceroSupra_1.7.4.1.apk' and might appear to be a chat client that is created by Cicero Networks Limited. The company offers VoIP services to businesses and has in-house communications solutions that are not available on open app stores. However, the file 'CiceroSupra_1.7.4.1.apk' is not created by Cicero Networks Limited, and it is perceived as spyware. Analysis revealed that the app requires access to the call log, keyboard, Internet connection, Task Manager, memory card and camera. Cyber security experts strongly advise against loading content from Xlsearch.net or downloading and using software for Windows and Android that is connected to Xlsearch.net. PC users that are presented with Xlsearch.net may want to run a security scan with a reliable anti-malware suite and delete riskware that may expose them to potential cyber threats.