SearchLee redirect on macOS/iOS

In a recent move, an ill-famed Mac malware gang has unleashed a new browser hijacker that constantly forces hits to searchlee.com.

Once again, Macs are in the crosshairs of bad actors who keep piggybacking on a surefire web traffic monetization scheme through aggressive redirects. This rising campaign involves a predatory application that takes over a victim’s default browser to push SearchLee, a rogue service mimicking a garden-variety search provider. The resulting page contains nothing but a search box and a few technicalities in the footer such as the privacy policy and terms of use. Although at first blush it doesn’t seem harmful at all, there are pitfalls lying beneath the external normality. First off, you aren’t likely to ever visit searchlee.com unless you test malware like we do, or unless your Mac has been infiltrated by a virus that’s wreaking havoc with all things web surfing.

SearchLee isn’t just a nuisance

Secondly, the unwanted app also puts your personal data at risk. Whereas you should be good to go if you simply visit searchlee.com out of curiosity, things can get nasty if the unruly code actually infects your system. In addition to turning your browser usage upside down, it performs a kind of eavesdropping to siphon off fingerprintable information such as your online habits, location, IP address, hardware specs, and macOS version. The amassed data is quietly exfiltrated to a malicious server so that the malware operators can piece it all together into a profile of the user. This could be a springboard for targeted phishing attacks, identity theft, and other impactful fraud.

Affiliation with other Mac perils

If you’ve been staying abreast of the Mac threat landscape, then you probably know about Safe Finder, a hugely prolific malware oldie masterminded by a firm called Linkury. That said, SearchLee has the same roots, which per se indicates that it might take the macOS virus world by storm just like its older “cousin”. Another shared trait comes down to traffic monetization principles that presuppose an injection of low-quality advertising networks into the redirect workflow. To veil the devious tactic, both services may display Yahoo Search results at the end of the rerouting process.
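The two observable traits described above, repeated forced visits to searchlee.com versus a one-off curiosity visit, and the rerouting that ends on Yahoo Search results, are simple to pick out of web proxy or DNS logs. The following is an added detection example written for this page, not code from the article or from any vendor; the log line format, client addresses, timestamps and the `SAMPLE_LOG` lines are constructed for illustration, and only the domain searchlee.com comes from the article.

```python
"""Flag proxy log lines that point at the SearchLee hijacker domain.

Added example, not from the original article. The log format is a constructed
simplification: "<timestamp> <client> <method> <url> <status> [<redirect-location>]".
The domain searchlee.com is the one named in the article; hosts, IPs and
timestamps below are made up.
"""
import re
from urllib.parse import urlparse

# Domains the article names as the hijacker's landing page.
HIJACKER_DOMAINS = {"searchlee.com"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})"
    r"(?: (?P<location>\S+))?$"
)


def matches_domain(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_line(line):
    """Parse one constructed-format log line; return None for lines that do not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = urlparse(rec["url"]).hostname or ""
    return rec


def find_hijacker_hits(lines, domains=HIJACKER_DOMAINS):
    """Return (client, host, status, redirect_location) for each request to a
    hijacker domain. Keeping the Location header makes the rerouting chain
    (e.g. a 302 onward to a Yahoo Search results page) visible to the analyst."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if matches_domain(rec["host"], domains):
            hits.append((rec["client"], rec["host"], rec["status"], rec["location"]))
    return hits


def affected_clients(lines, domains=HIJACKER_DOMAINS, threshold=3):
    """Clients whose request count to hijacker domains reaches the threshold.
    A single visit can be curiosity; repeated hits match the forced-redirect
    behaviour of an installed hijacker and deserve a look at that machine."""
    counts = {}
    for client, *_ in find_hijacker_hits(lines, domains):
        counts[client] = counts.get(client, 0) + 1
    return sorted(c for c, n in counts.items() if n >= threshold)


# Constructed sample log: 10.0.0.5 is being redirected repeatedly (hijacker-like),
# 10.0.0.9 opened the page once (curiosity-like), plus one malformed line.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET https://searchlee.com/?q=weather 302 https://search.yahoo.com/search?p=weather",
    "2024-01-01T10:00:02Z 10.0.0.5 GET https://search.yahoo.com/search?p=weather 200",
    "2024-01-01T10:05:10Z 10.0.0.5 GET https://searchlee.com/?q=news 302 https://search.yahoo.com/search?p=news",
    "2024-01-01T10:09:44Z 10.0.0.5 GET https://www.searchlee.com/?q=mail 302 https://search.yahoo.com/search?p=mail",
    "2024-01-01T11:00:00Z 10.0.0.9 GET https://searchlee.com/ 200",
    "2024-01-01T11:00:05Z 10.0.0.9 GET https://example.org/ 200",
    "not a log line",
]

if __name__ == "__main__":
    for hit in find_hijacker_hits(SAMPLE_LOG):
        print("hit:", hit)
    print("clients to investigate:", affected_clients(SAMPLE_LOG))
```

Run against a real proxy export after adapting `LOG_RE` to that proxy's line format; the threshold is deliberately low because a hijacked default search engine produces a searchlee.com request on every search the user makes, so counts on an infected machine climb quickly.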

iOS devices are at risk, too

Quite unnervingly, this campaign isn’t isolated to Macs. To a smaller extent, it is also making itself felt on iOS. The SearchLee makers’ motivation for contaminating iPhones is barely different: it is about reorganizing web traffic so that it fits a monetization context. Given the multi-platform essence of this culprit and its adverse effects, users should exert caution with suspicious installers that may hide a redirect virus like this under a nifty wrapping.
