This site was first detected by ConcealBrowse on July 19th after being seen by security vendors in June. It is currently flagged by 15 vendors for phishing and malicious behavior. ConcealBrowse successfully identified the brand impersonation and isolated the site with a 28% risk score.

Shopping sites can be a popular target for threat actors because of the payment information that is stored on the account. The victim’s credit card could be used for fraudulent purchases, potentially causing financial hardship. Additionally, this page uses a fake verification page before delivering the victim to the credential harvesting form. Verification pages are used to try to provide the victim with a sense of security and make the deceptive site appear more legitimate. ConcealBrowse’s intervention blocks keyboard input and helps users recognize these phishing sites more quickly, keeping their information safe.

This site was detected by ConcealBrowse on June 13th, the day after the first security vendors began detecting the site. It was initially detected by eight security vendors and is now flagged by 15 due to phishing and malicious activity. ConcealBrowse intervened on this page with a 17% risk assessment, citing suspicious activity.

This is a phishing page looking for a cryptocurrency recovery phrase. Recovery phrases are used to recover cryptocurrency wallets if the user has lost access. If the user were to enter their recovery phrase into this deceptive site, a malicious actor would have complete access to the wallet and be able to transfer all currency out of it. Given the value of some cryptocurrency, this can be devastating to the victim, and there is not a way to reverse the transaction. ConcealBrowse’s intervention blocks all keyboard input while in isolation, stopping users from entering sensitive information into suspicious sites.

This site was detected by ConcealBrowse on May 31st, the same day other security vendors began reporting. It is currently detected by three vendors for malicious behavior. ConcealBrowse intervened with a 14% risk assessment due to suspicious activity.

Although the page has since been removed, the IP address associated with this domain has been involved in multiple instances of fraudulent downloads. This software, such as the one shown above, disguises itself as a legitimate service. Once installed, the computer is infected with adware that creates pop-ups or redirects users to unwanted websites. They may also act as a browser hijacker, changing default browser settings and putting the user’s data at risk. While in an isolated session, ConcealBrowse blocks downloads from suspicious websites.

This site was first detected by ConcealBrowse on May 16th, along with other security vendors. It was first seen by nine vendors, and as of this writing it has been detected by eight. ConcealBrowse intervened with an 18% risk assessment due to the detection of suspicious behavior.

The page is an advertisement for a browser extension that claims to improve browsing experience for the user. Although the extension has since been removed from the Chrome store, it is highly likely that it was a browser hijacker. Browser hijackers change browser settings, such as the default engine, to redirect users to unwanted sites. These sites could contain spam or steal user data without consent. While in an isolated session, users cannot install browser extensions from the intervened site.