What is Search Marquis?
Search Marquis is a browser hijacker known to affect Safari and other web browsers on macOS devices. It modifies the browser’s settings, in this case Safari’s, by changing the search engine and the homepage to Search Marquis. It then redirects all search queries without the user’s permission.
It goes a step further and adds more tools, fake buttons, and ads in the form of pop-ups, banners, and boxes. These redirect users to the hijacker’s websites, where its developers generate income through advertisements.
How to know if your Mac is infected with Search Marquis?
All search queries are redirected to their website, searchmarquis.com. The Search Marquis engine also replaces the search engine you had configured, both on the homepage when you launch the browser and on the page shown when you open a new tab.
Some of the commonly known domains associated with Search Marquis include, but are not limited to, the following.
- searchnewworld.com
- search1.me
- mybrowser-search.com
- chillsearch.xyz
- searchitnow.info
- searchsnow.com
- search.surfharvest.xyz
- api.lisumanagerine.club
- Nearbyme.io
You might also notice unfamiliar extensions in Safari that you did not install yourself. The browsing experience becomes overwhelmed by ads, links, and banners.
How does Search Marquis get installed on Mac?
There are various ways the hijacker can enter a Mac. The most common is bundling, where it is installed alongside legitimate software. It is not mentioned in the installation process, so when we agree to the terms and conditions of the software we are installing, it is included among the items that receive the privileges we accepted for the legitimate ones.
Other times, it comes as an update. For instance, Adobe Flash Player has now been deprecated, but Search Marquis often uses it as a disguise, presenting itself as a must-have update for the system. The update in turn installs the Search Marquis virus, which goes unnoticed even by some tech-savvy individuals.
How to remove Search Marquis from Mac?
Force Quit the Safari browser
Follow the steps below to force quit the Safari browser.
- Tap on the Apple logo or use the “Cmd + Option + Esc” shortcut keys.
- Select Safari from the listed applications.
- Tap on the “Force Quit” button.
This will now shut down the browser properly.
Find and delete malicious files and apps
To do this, follow the steps below.
- Navigate to “Finder” on the menu
- Tap on the “Go” option
- Select the “Utilities” option
- Open the “Activity Monitor”
- Look for suspicious and unfamiliar processes that consume a lot of resources on the system.
N.B.: Some disguise themselves under the name of legitimate software. If you are not sure whether an unusual program should be on the system, google it to confirm.
If a process turns out to be suspicious, click on the “X” button at the top left and choose “Force Quit” to confirm and stop the activity.
Remove malicious profiles or login items
Some malicious processes might load together with the legit processes you are executing on your computer, and then they stay running in the background without your knowledge.
- Go to the Apple menu
- Click on the “System Preferences” in your Mac
- Choose the “Users & Groups” option
- Switch to the “Login Items” tab.
- Click on the padlock icon at the bottom left to allow changes. You might be prompted for admin privileges here.
- Check the box and use the minus icon to delete any login items you find to be suspicious
Check Browser and Prevent Hacking
Press and hold the “Shift” key when launching the Safari browser, and release it when the browser loads. The previously open pages will not load, and the browser will open on the start page.
If the Search Marquis persists, you should check the extensions on the browser.
- Launch the Safari browser
- Tap on the Safari option in the top left corner of the browser
- Click on the “Preferences” option
- Navigate to the Extensions tab
- Deactivate all suspicious extensions to allow uninstallation.
- Click on the “Uninstall” option for all the deactivated extensions
Remove rogue files and leftovers
There are several places to check for leftovers and rogue files associated with the Search Marquis virus.
To do so, type each of the following paths in the dialog box, one at a time.
i). ~/Library/LaunchAgents: This lists all the LaunchAgents in the current user’s directory. If you see anything associated with the virus, make sure to delete it.
ii). ~/Library/Application Support: Look for items that don’t seem related to Apple apps, or products you didn’t install in the first place. These include folders with names such as “ProgresiveSite” and “IdeaShared”.
iii). /Library/LaunchDaemons: This path stores files used by Search Marquis for persistence.
iv). /Library/LaunchAgents: On this path, look for recently added files related to the Search Marquis virus. They do not always have suspicious names, so recently added files are among those you should consider deleting.
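The launchd folders in steps i, iii and iv can also be reviewed with a read-only script. This is an added example, not part of the original article: it lists every .plist in those folders, shows the command each one runs, and marks files modified recently. The 30-day window, the function names and the sample files built in demo() are assumptions made for illustration.

```python
import os, plistlib, tempfile, time
from pathlib import Path

# launchd locations from steps i, iii and iv above
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def audit_launch_items(dirs=LAUNCH_DIRS, recent_days=30, now=None):
    """Read-only listing: one record per .plist with what it runs and whether it is recent."""
    now = time.time() if now is None else now
    records = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():
            continue
        for plist in sorted(folder.glob("*.plist")):
            rec = {"path": str(plist), "label": None, "command": None, "run_at_load": False,
                   "recent": now - plist.stat().st_mtime < recent_days * 86400, "error": None}
            try:
                with plist.open("rb") as fh:
                    data = plistlib.load(fh)  # accepts XML and binary plists
                if not isinstance(data, dict):
                    raise ValueError("top-level object is not a dictionary")
                args = data.get("ProgramArguments") or [data.get("Program", "")]
                rec.update(label=data.get("Label"), command=" ".join(map(str, args)),
                           run_at_load=bool(data.get("RunAtLoad")))
            except Exception as exc:  # unreadable or malformed plist: report it, keep going
                rec["error"] = f"{type(exc).__name__}: {exc}"
            records.append(rec)
    return records

def demo():
    """Run the audit over a constructed directory (sample data, not real indicators)."""
    with tempfile.TemporaryDirectory() as tmp:
        new, old, bad = (Path(tmp, n) for n in ("new.plist", "old.plist", "broken.plist"))
        for path, binary in ((new, True), (old, False)):
            with path.open("wb") as fh:
                plistlib.dump({"Label": f"com.example.{path.stem}", "RunAtLoad": True,
                               "ProgramArguments": ["/bin/sh", "-c", "echo constructed"]},
                              fh, fmt=plistlib.FMT_BINARY if binary else plistlib.FMT_XML)
        bad.write_bytes(b"not a plist")
        now = time.time()
        os.utime(old, (now - 400 * 86400,) * 2)  # pretend it was installed over a year ago
        return audit_launch_items([tmp], recent_days=30, now=now)

if __name__ == "__main__":
    for r in audit_launch_items() or demo():  # fall back to the sample when nothing is found
        flag = "RECENT" if r["recent"] else "      "
        print(flag, r["path"], "->", r["error"] or r["command"])
```

The script only reads files; compare the commands it prints with the folders found in step ii before deleting anything by hand.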
Default Homepage Set up
This is a necessary step to confirm that Search Marquis is no longer the default search engine. To do so, follow the steps below.
- Click on the “General” tab in the Preferences menu.
- Scroll to the “Homepage” box and make sure to set it to a search engine like Google or DuckDuckGo.
Prevent Your Mac from Getting Reinfected with Search Marquis and Other Malware
Download and install an antivirus
As always, an antivirus program is used to remove viruses from the system as well as to clean it and protect it from future infections. The antivirus also helps identify suspicious links, even those you receive through email.
Secure your wireless network and IoT devices
Making sure that the device is secure might not always be enough. It is important to secure the entire network by using tools like a network firewall, or even simple measures like a secure and complicated password.
Regularly update the Mac Operating System
The whole system should always be kept up to date. This includes all the software as well as the drivers. Not updating leaves the system vulnerable to attacks that could have been detected before they got access to the system in the first place.
Conclusion
Apart from the inconveniences of slowing down the browser, installing malicious add-ons, showing suspicious pop-ups, and redirecting to potentially harmful websites, Search Marquis is known to collect cookies and personal data and forward them to its affiliate ad networks.
This virus is only noticeable in the browsers, but it hides throughout the whole system, so cleaning the browser alone proves ineffective until the whole system is tended to.
Some of the Search Marquis files are harder to spot, while some hide, making the cleanup process harder to complete than uninstalling regular software.