NEWS

Temposearch virus redirect Temposearch virus redirect CREDIT: David Blaine

Temposearch virus attacks Chrome browser

Wednesday 22 September 2021, 12:02AM
By David Blaine
383 views


The website at temposearch.com has been reportedly taking over web browser homepage on multiple computers over the past several weeks. The number one reason why this hijack causes quite a frustration to users is the fact the start page cannot be changed to anything else, which sounds strange since the present-day browsers are flexible enough to let people customize them however they like. There is but one reasonable explanation to this phenomenon, which is in the domain of malicious software activity. The malfunctioning systems are forced to execute a process that skews the Internet defaults. Aside from the homepage replacement mentioned above, the modified settings may also include the preferred search provider and new tab page.

A serious issue with attacks of this kind is about the technicalities related to installation of the offending software. The model applied for spreading the majority of adware and hijackers is not illegal, moreover, it is widely used in a variety of application promotion strategies. Installation clients composed of more than one offer do help freeware developers make a living, but this principle is exploited and abused by fraudulent cyber actors as well. The only thing the bad guys can be blamed for is that they indicate the extra terms in fine print. Getting back to our issue, users install the Temposearch virus as they opt into all setup conditions in one hit while thinking it’s just some fancy new game or media player that’s being authorized to enter the computer.

It may seem that Chrome browser used on the machine is the only piece impacted by this threat. The distortion of online routine turns out to be just the tip of the iceberg, though. Information associated with Tempo Search virus is also present in the system registry, otherwise its process wouldn’t be started at boot time. The persistent executables and a number of ancillary components are added to the Program Files folder as well. At the end of the day, the victim repeatedly visits temposearch.com during the most routine web browsing actions, without the ability to set a different site instead of the value so blatantly imposed. When this happens, the intercepted online traffic goes through a complex sequence of redirects and may take the user to https://nz.temposearch.com/, https://au.temposearch.com/ or https://kr.temposearch.com/ depending of user geo location. The optimal tactic to undo this annoying loop is employ a procedure aimed at detecting every single bit of the infection, eradicating these entities and restoring regular operation of the web browsers.