Conceal’s Weekly Threat Reports are highlights of recently detected sites that were deemed suspicious using our AI-powered browser extension, ConcealBrowse.

ConcealBrowse is leveraged by teams across the world to combat weaponized URLs. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.

Browser-Based Threat Report: Apr 8

Week of April 8th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of April 8th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 56b2b0ee49cfbfd3c6f42c5b9b713f8bd76b99dae2747d9fc44ced5f6eebc275
 

This page was detected by ConcealBrowse on April 4th, with security vendors first flagging the site in early March. The URL originally received hits from 9 security vendors and is now detected by 17 for phishing. ConcealBrowse intervened with a 29% risk assessment because of suspicious behavior.

This page attempts to steal Microsoft credentials by impersonating the SharePoint login page. Phishing pages like this one have become more sophisticated by verifying that the email address entered is legitimate before proceeding to the password phase of the attack. ConcealBrowse’s intervention prevents users from entering credentials while in an isolation session.

Conceal Recommends: Due to the nature of the activity on this page, it is recommended to block both the URL and IP address associated with this site. 

_____________

SHA-256: c1bfcbae0dbd146084130cc8fd545297e55da095d216e4e44bc4263d2ac9a8ca

 

This URL was first seen by ConcealBrowse on April 4th, with the first security vendors reporting the site as malicious in March. It is currently detected by 11 vendors for malicious behavior and distributing malware. ConcealBrowse intervened with a 14% risk assessment due to suspicious behavior.

This page uses evasion techniques that make the site inaccessible to most browsers. When accessed by the targeted browser, it distributes software known for browser hijacking. Browser hijacking occurs when a malicious download, typically a browser extension, causes unwanted redirects and changes to the victim’s settings, such as the home page. This can lead to excessive advertisements and violations of data privacy, and can be a nuisance to the victim.

Conceal Recommends: This URL should be blocked to prevent access. While in an isolated session, users cannot download any harmful programs onto their machine. Although the site is not accessible on all browsers, ConcealBrowse continues to detect and defend against it.

_____________

SHA-256: 61ceffc54f7e9a3bf2625f5eb84e016499d3efb8ee750408cb81118c371faccd

This site was first detected by ConcealBrowse on April 5th, the same day other security vendors began reporting. It was initially flagged by one vendor and has now been detected by two for potential phishing activity. ConcealBrowse successfully intervened with a 14% risk assessment, citing suspicious behavior.

This URL is considered an emerging threat, with the domain being registered one day before the site began appearing on threat feeds. Credential harvesting typically happens quickly through targeted attacks, using links that become stale within a few days of being generated. This is why the live threat analysis provided by ConcealBrowse is critical to protecting end users.

Conceal Recommends: This URL and IP address should be blocked. ConcealBrowse prevents keyboard input while in an isolated session.  

_____________

Valuable Outcomes

As these recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Apr 1

Week of April 1st, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of April 1st, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4

 

This site was first detected by ConcealBrowse on March 28th, with the first security vendors seeing it in January. As of this writing, the page is currently flagged by six security vendors. ConcealBrowse intervened due to proximity and suspicious behavior.

Although this site is empty, the domain was likely generated as part of an operation to create large numbers of websites for malicious purposes. The IP address currently hosting this page has been connected to cryptocurrency scams and media piracy. These types of sites carry high risk, and it is likely that this URL would be used to host similar activity in the future.

Conceal Recommends: Due to the nature of the activity on this page, it is recommended to block both the URL and IP address associated with this site.

_____________

SHA-256: 7e4136ab6d7638efe12df05a4809d6661106dcdb5aca92244ebb9601ed557f48

 

This page was first detected by ConcealBrowse on April 1st, the same day other security vendors began reporting. It was originally flagged by 4 vendors, and now has 7 vendors reporting the page as malicious. ConcealBrowse intervened with a 50% risk assessment, citing possible phishing activity.

This website takes advantage of a cryptocurrency platform that recently filed for bankruptcy. Although the deadline to withdraw funds from that platform has since passed, this website attempts to steal sensitive wallet information by pretending to be a funds recovery site. Victims enter their email address and are then prompted to connect a cryptocurrency wallet to receive their missing funds. Instead, their funds are withdrawn and stolen with no way of recovery. While in an isolation session, keyboard input is not accepted, and users cannot enter personal information.

Conceal Recommends: This URL has since been removed, but it should still be blocked in case it becomes active again. ConcealBrowse’s live analysis is the best defense against these emerging threats. 

_____________

SHA-256: 79ce94970ae5d3a9c7dd00852b605109e6256e6582352eeaeacd2c7ec8e0625d

This page was first detected by ConcealBrowse on April 1st, with the first security vendors seeing it in late March. It was originally detected by 4 vendors, but now this URL is seen by 15 security vendors as malicious. ConcealBrowse intervened with a 40% risk assessment, citing suspicious behavior.

Online banking scams take on the appearance of legitimate financial institutions for the purpose of stealing money or financial information from victims. This site also shows evidence of being involved in a cryptocurrency scam, where victims are encouraged to invest money in a cryptocurrency on false promises about returns on investment. Although this website is not attempting to directly steal credentials, ConcealBrowse’s intervention allows users to take a second look at the legitimacy of the page they were going to visit.

Conceal Recommends: This domain should be blocked to protect users from potential fraud. 

_____________

Browser-Based Threat Report: Mar 25

Week of March 25th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of March 25th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: c4f2c31be3ba1f4db34917280d4bab568e3ce0750ba5f48f99ad5bccaa20613e

browser-based threat report: malware hosting

This URL was detected by ConcealBrowse on March 21st. One security vendor originally reported it in November of 2023, with 4 vendors reporting on it today. ConcealBrowse assigned the page a 14% risk assessment, citing suspicious behavior.

This page has been flagged by other security vendors as potentially hosting malware. Malware is most typically introduced to the victim via a Trojan, a program designed to appear benign while carrying malicious intent. Malicious ad blockers usually cause more advertisements to appear, and could potentially track the victim’s browsing habits for use in spam and further advertising campaigns. While there isn’t necessarily a risk to the victim’s accounts, such software is a nuisance and is undesirable on company machines.

Conceal Recommends: Consider implementing company policies that prohibit the download of unauthorized software or extensions on company equipment. While in isolation, ConcealBrowse stops the download of any software hosted on the page.

_____________

SHA-256: 5b13fb5957b84ef7bb9d0b6cd509c947ff6a37d67efdac2b896ddd3b908aad10

browser-based threat report: microsoft phishing scam

This page was first detected by ConcealBrowse on March 25th, the same day that other security vendors began reporting. Only one vendor is reporting on this emerging threat. ConcealBrowse successfully intervened with a 51% risk score, citing proximity, phishing, and suspicious behavior.

Phishing pages from recognized brands, such as Microsoft, are becoming harder for the average user to detect. This page is seeking out specific email addresses and verifies that the input is correct before proceeding. This makes the page appear more legitimate and trustworthy to the victim. Because the site is in an isolated session, ConcealBrowse will still prevent any data from being entered by the user, keeping credentials secured.

Conceal Recommends: This URL should be blocked. ConcealBrowse’s live analysis is the best way to protect users against emerging threats such as this site.

_____________

SHA-256: 6f3527a21e904833824ac3327ecfe302be5b30f8f82f57746c039d32a7d576a0

browser-based threat report: browser notification scam

This URL was first detected by ConcealBrowse on March 25th, the same day that other security vendors began reporting it. It was initially detected by 11 vendors, and is now detected by 13 for phishing and malicious behavior. ConcealBrowse successfully intervened with a 28% risk score, citing suspicious activity, phishing, and malware.

Browser notification scams aim to trick the user into believing that they are solving a security puzzle, such as a CAPTCHA, to proceed to their website. In reality, the user is enabling browser notifications, which will fill their machine with unwanted pop-ups and advertisements. These pop-ups can direct users to malicious pages and persist even if the original page that started the attack is closed.

Conceal Recommends: This URL should be blocked. ConcealBrowse’s intervention on this page would stop notifications from being pushed to the user’s actual browser. 

_____________

Browser-Based Threat Report: Mar 18

Week of March 18th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of March 18th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 8262cc68678bcc55f591816bf8021a705e6e193e6bd908599b3f0643d1a88ebc

browser-based threat: Facebook phishing scam

This URL was first detected by ConcealBrowse on March 14th. Later that day, one other security vendor began reporting on it, and it is currently marked by six vendors as phishing and malicious. ConcealBrowse successfully intervened with a 30% risk assessment, citing proximity, phishing, and suspicious behavior.

This page attempts to gather personal information about a user to initiate a scam. The URL appears to be directly from Facebook, and users may not view the page initially as phishing due to the form not asking for credentials. However, if the user were to enter their personal information, they’d receive a call from a number claiming to be Facebook. They may be asked for credentials or financial information to gain access to their account, but this is a scam for malicious actors to gain access instead.

Conceal Recommends: This URL should be blocked by policy. A browser security solution like ConcealBrowse is the best way to keep user information safe from these types of emerging threats. 

_____________

SHA-256: b576c2392256ac68bebefcc69add7b941d5cdd688b1e1b47913b33baba8c9051

browser-based threat: cryptocurrency scam

This page was first detected by ConcealBrowse on March 13th, the same day two other security vendors began flagging the URL for phishing. Currently there are 13 vendors that have identified its malicious behavior. ConcealBrowse successfully intervened on behalf of an end-user prior to the site’s removal with a 14% risk assessment.

This site hosted a common cryptocurrency scam. Cryptocurrency scams aim to steal sensitive credentials in order to take money from their victims. Users enter their personal wallet information under the belief that the site is only being used to house all their wallets in one place. However, the information will instead be used to gain access to the money and transfer it to different accounts before the user is able to react.

Conceal Recommends: This page is now removed, but the URL should still be blocked in the case that it is activated again. Cryptocurrencies carry a high risk, so consider implementing a content block on company devices and implementing an acceptable use policy regarding these sites.

_____________

SHA-256: 1ffae731284c35489567c0118c2f28f68ff75ea71ffd531b6ad113488afb081a

browser-based threat: Document Sharing Phishing Scam

This URL was first detected by ConcealBrowse on March 18th, with five security vendors initially reporting it for phishing on March 13th. Currently, there are seven vendors flagging this URL as phishing and malicious. ConcealBrowse intervened with a 30% risk assessment, citing proximity to other malicious pages.

This page is part of a common document sharing phishing campaign. These scams are usually designed to target specific companies by sending emails to their targeted victims that appear to be from known organizations. When a user clicks on the link on the webpage, they will be redirected to the malicious site that will attempt to steal their credentials. ConcealBrowse’s intervention keeps the site in isolation even when redirects occur, keeping users from being able to enter their credentials.

Conceal Recommends: This URL should be blocked. ConcealBrowse’s use of isolation technology helps prevent users from falling for credential theft from suspicious sites.

_____________

Browser-Based Threat Report: Mar 11

Week of March 11th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of March 11th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 3e841f83b88640e0c1204d3e641bbed37ee9db4f371d3fc6aef2e94c3ff2b96d

browser-based threat report: crypto-mining software

This URL was first detected by ConcealBrowse on March 5th, the same day other security vendors started to report it. So far, one security vendor has flagged this page as malicious. ConcealBrowse intervened with a 30% risk assessment, citing proximity.

This page has a history of hosting crypto-mining software and delivering it to unsuspecting visitors. Crypto-miners, designed to utilize computer resources to generate digital currency, can negatively affect machines by causing performance issues and leaving the device open to security risks. Kryptex has been labeled by multiple vendors as adware, malware, and riskware, further highlighting the potential harm that may come from downloading it onto a computer.

Conceal Recommends: Consider adopting a company policy that bans crypto-mining software from company devices. ConcealBrowse’s intervention prevents the download of software while a website is in isolation.

_____________

SHA-256: 0e2468bd48b92807f48c97fe522e7a2ce7042af34af477c23df56232e5ac0f26

browser-based threat report: adware

screenshot of similar page

This URL was first detected by ConcealBrowse on March 5th, before other security vendors began reporting on it. As of today, one other security vendor has marked this URL as containing malware. ConcealBrowse successfully intervened with a 44% risk assessment, citing proximity and malware.

Although the page that this URL leads to is now blank, the IP address leads to multiple campaigns for distributing the Turbo Ad Blocker adware. This malicious software pretends to be an ad blocker to convince the user to download it. Once installed, it hijacks browsers, forcing users to go to unwanted sites and causing multiple pop-ups to occur. This can leave the user exposed to further security risks, as the sites and pop-ups are frequently spam or malicious.

Conceal Recommends: This URL and IP address should be blocked. Consider implementing company policies that prevent the installation of untrusted software onto company machines.

_____________

SHA-256: c3dbf274ea6a668c1c382aae1159ad7ac21b11bbc00f5d6a7ac5396e6a181103

browser-based threat report: phishing, credential theft

webpage phishing for Outlook credentials

This URL was first detected by ConcealBrowse on March 5th. It was detected by fourteen vendors last November, and that same number continue to report it to date. ConcealBrowse assessed the page and intervened with a 28% risk assessment, citing suspicious activity.

This webpage is a phish for Outlook credentials. Email credentials continue to be highly sought after, due to their potential for access into other accounts that belong to that same user. Two-factor authentication that requires only a verification email can be easily compromised, and email messages are the most common way to reset a forgotten password. Outlook’s popularity in the workforce may also lead to the theft of sensitive or confidential information using social engineering.

Conceal Recommends: This URL and IP address should be blocked. Consider utilizing a third-party 2FA application, instead of email messages, to prevent multiple account compromises. 

_____________

Browser-Based Threat Report: Mar 4

Week of March 4th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of March 4th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: b7b9c8acef4b5c7ce61d10ea7b28f291d1e360bed3dd211425ab2e869a2f86d9

browser-based threat: ApacheWeb scareware campaign

This URL was first detected by ConcealBrowse on February 29th, with security vendors reporting it on the 25th. The site was initially reported by one security vendor, and that number remains the same. ConcealBrowse intervened and gave the page a 49% risk assessment, citing proximity, phishing, and malware.

This URL and IP address are known to be part of the ApacheWeb scareware campaign. This campaign involves a series of redirects to lead users to malicious downloads, such as adware or unwanted browser extensions. This page is one of the first URLs in the attack vector, deciding which scam page to redirect the user to. These pages are kept clean or empty while not in use as part of their strategy to avoid detection by security vendors and web scanners.

Conceal Recommendation: This IP address should be blocked. ApacheWeb is mostly deployed through malicious emails, so consider educating users about clicking on links from unrecognized senders, while also protecting users who may not recognize a suspicious email.

_____________

SHA-256: a1992d1fd5a25182fda65087fc5d44f7ee5a893463f70f8508d3aeb332b6fdd8

browser-based threat: Technical support scams

This URL was first detected by ConcealBrowse on February 28th. Later the same day, other security vendors began reporting it. It was initially reported by two vendors, and today it is reported by six. ConcealBrowse intervened due to a 48% risk assessment and blocked this page, citing phishing and possible malware.

Technical support scams have become prevalent among malicious actors. This page goes as far as to impersonate Facebook as well, giving the illusion that the user did go to a legitimate site when they received the popup. Due to the high risk associated with this page, ConcealBrowse decided to block rather than isolate, preventing users from ever seeing the fake phone number.

Conceal Recommendation: This page and IP address should be blocked utilizing ConcealBrowse’s policy block feature.

_____________

SHA-256: b8b6e86b9cd655913dbd19b6806d5019187658afbdf6258e4547c30ed3633065

browser-based threat report: malicious extensions

This URL was detected by ConcealBrowse on March 4th and was first reported by seven security vendors on February 18th. Today, it is detected by nine security vendors for malicious behavior. ConcealBrowse successfully intervened with a 14% risk assessment, citing suspicious behavior.

This page offers a free browser extension that, once installed, can convert different types of documents into PDFs. Unfortunately, this site has been flagged as untrustworthy and as potentially delivering malware via the extension. Illegitimate browser extensions are a significant cause of concern for the privacy of users, due to their ability to manipulate the content of web pages and read data such as browsing history. Malicious extensions can also cause excessive pop-ups and redirects to unwanted websites.

Conceal Recommendation: ConcealBrowse’s intervention will prevent downloads of any software, but companies should consider creating an allow list for legitimate browser extensions to prevent users from installing anything potentially malicious. 
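
One way to enforce the extension allow list recommended above, and to deny the notification prompts abused by the browser notification scam in the March 25 report, is browser-managed policy. The following is an added example, not Conceal's configuration: it assumes Google Chrome managed policy (on Linux, a JSON file under /etc/opt/chrome/policies/managed/), and the extension IDs and blocked host are placeholders to be replaced with your own values.

```json
{
  "ExtensionInstallBlocklist": ["*"],
  "ExtensionInstallAllowlist": [
    "PLACEHOLDER_APPROVED_EXTENSION_ID_1",
    "PLACEHOLDER_APPROVED_EXTENSION_ID_2"
  ],
  "DefaultNotificationsSetting": 2,
  "URLBlocklist": [
    "PLACEHOLDER-BLOCKED-HOST.example"
  ]
}
```

With the blocklist set to `*`, only extensions whose IDs appear on the allowlist can be installed. The value `2` for `DefaultNotificationsSetting` denies every site's request to show notifications, so a fake CAPTCHA page cannot obtain that permission.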

_____________

Valuable Outcomes

As this recent threat reports exemplify, ConcealBrowse offers comprehensive protection against many sophisticated cyber threats. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to confidently navigate the digital landscape, knowing that their online activities are shielded from potential harm.

Join the Conceal Community and claim your FREE ConcealBrowse licenses!

Join the Conceal Community today and fortify your online security for free! Don’t miss the chance to benefit from our advanced threat protection and stay one step ahead of cybercriminals. Experience peace of mind while browsing the internet, knowing that ConcealBrowse is your shield against the ever-evolving threat landscape. Take the proactive step towards a safer online experience – get your free ConcealBrowse license now and join a community committed to safeguarding your digital world.

Sign up for the Conceal Community and claim your free licenses by completing the form below.


Browser-Based Threat Report: Feb 26

Week of February 26th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 26th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 0a76274e99e285c9d7e18d094e71ea6fca1b0274e30c28492a24218e53c61cb3

Microsoft tech support scam

Screenshot of page where Microsoft tech support scam was found

This URL was first detected by ConcealBrowse on February 21st, the same day other security vendors started reporting on it. Initially, only five security vendors marked the page as malicious, but currently there are 15 vendors flagging the page. ConcealBrowse successfully intervened with a 28% risk assessment due to suspicious activity.

When ConcealBrowse first intervened, this page was a Microsoft tech support scam. Malicious actors utilize Azure’s web application services to create Microsoft-branded pages that appear trustworthy. Although the page has since been removed from Microsoft, ConcealBrowse caught the malicious behavior prior to Microsoft intervening. Users are protected in real-time even before the owners of the domain can respond to reports of platform abuse.

Conceal Recommendation: Sites like these can be tricky to detect early because they use trusted domain names and IP addresses to evade filtering technologies. Live analysis through ConcealBrowse is the best way to protect users in these scenarios.

_____________

SHA-256: 174a9247c762be452a13f29ab15c2648577ffe8b9f6245dbc23abe6fe8171034

screenshot of an illegitimate keygen site

This URL was first detected by ConcealBrowse on February 23rd and is not yet reported by any other security vendors. The page was given a 30% risk assessment, with ConcealBrowse citing possible phishing and malware.

This webpage has multiple indicators of selling an illegitimate product. Although this site may give the user a valid product key for Windows products, these keys are usually procured illegitimately and can be revoked at any point. Therefore, it is not safe to purchase keys from sites such as these, as doing so may cause interruptions in business flow and result in financial loss for the user.

Conceal Recommendation: This site should be considered an emerging threat and has not existed long enough for other security vendors to do a full analysis and publish their findings. Real-time analysis through ConcealBrowse detects novel techniques used by adversaries in order to disrupt these threats.

_____________

SHA-256: 69b441c662289adb832efcf1379f7841923b5f27d428c1bee4f11deef55b559c

Screenshot of prize scam site

This URL was first detected by ConcealBrowse on February 20th. Ten security vendors flagged the page that same day, and nine currently report it for spyware and phishing activity. ConcealBrowse successfully intervened, giving the page a 28% risk score and blocking the page from user access.

This website redirects to multiple different pages, most of which are involved in prize scams. Prize scams tell the victim that they have won, or have the potential to win, a large amount of money. The page asks for personal information such as their phone number and email address. This information can then be used to steal more information or create more personalized attacks. Due to the level of malicious activity detected, ConcealBrowse intervened to block the page rather than put it into isolation, preventing users from entering their information or viewing the site.

Conceal Recommendation: Balance out your defense-in-depth strategy to proactively detect suspicious web pages with technologies like ConcealBrowse that provide real-time analysis.

_____________

Browser-Based Threat Report: Feb 19

Week of February 19th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 19th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 0bc4f970d3b424ee02ece78df2e610974b72fb09e964fb6da8964056077d0ee2

credential phishing example

screenshot of credential phishing page

This URL was first detected by ConcealBrowse on February 16th, the same day that other security vendors started reporting on it. It was initially detected by 10 security vendors, and sixteen are now reporting the page as malicious. ConcealBrowse successfully intervened with a 14% risk assessment.

This is a classic example of credential phishing. The site copies the exact format of the Microsoft single sign-on page to steal credentials from unsuspecting users. To make the page more believable, attackers will verify that the email address is valid before proceeding to ask for a password. This makes it harder to check the page for legitimacy, which is why it is crucial to have protection in place, such as ConcealBrowse, that blocks user input.

Conceal Recommendation: Detection of phishing sites is not enough. You need to actively block users from entering credentials into suspected credential theft sites, as the Isolation feature in ConcealBrowse does.

_____________

SHA-256: 52c1e7a2c36be28c42455fe1572d7d7918c3180cad99a2b82daa2a38a7e7bb23

malicious pop-ups imitating Microsoft

An example of the pop-ups found connected to this page

This URL was detected by ConcealBrowse on February 16th with a 28% risk assessment. It was first detected by one security vendor on February 7th and currently is detected by two vendors. ConcealBrowse intervened due to phishing and suspicious activity.

While the page is currently blank, the IP address is connected to multiple instances of malicious pop-ups. These pop-ups often imitate Microsoft, and demand that the user call a phone number to fix it. These scams often tell the user to download remote access software onto their computer, resulting in both a financial loss and the theft of personal information.

Conceal Recommendation: Block the IP address and the URL using ConcealBrowse and monitor software being downloaded onto company machines. Additionally, users should inform their IT team whenever they are prompted to conduct an action. Remember, any vendor contact should be routed through the IT team.

_____________

SHA-256: 3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4

ransomware hosting through a malicious popup

This URL was detected by ConcealBrowse on February 13th. It was first detected by one security vendor on January 9th, and there are currently four security vendors reporting this page for malicious activity. ConcealBrowse intervened with a 32% risk assessment due to malware and proximity to malicious IP addresses.

The IP address connected to this page was recently flagged for hosting a form of ransomware through a malicious popup. Users would click on the popup, and the executable file would download to their computer. Ransomware can be devastating, especially in cases where computers are connected to each other on a network and the malicious software can spread. Although the page is now down, ConcealBrowse still intervened to protect users in the future if the site becomes active again.

Conceal Recommendation: Rely on active defense solutions such as ConcealBrowse. When ConcealBrowse intervenes on a page, all download attempts are blocked to protect users from malware such as this. Live analysis of the site allows for early intervention and prevents malicious downloads.

_____________

Browser-Based Threat Report: Feb 12

Week of February 12th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 12th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 71a36ae6fbc456fbf6376f21f3df4803f5c1a6e2a170c0191f52b3a56778005b

Browser-Based Threat Brand Impersonation

example of similar brand impersonation page

This URL was detected by ConcealBrowse on February 8th, 2024, with a 28% risk assessment. It was first seen by four security vendors in June of 2023 and is currently detected by 17 vendors. ConcealBrowse intervened on this page due to suspicious activity.

While the website is currently down, this page is an example of brand impersonation by pretending to be the United States Postal Service. These scams usually come in the form of a message saying that there is a package that was lost in the mail. When users click on the link, they are shown a page that looks very similar to the USPS site and asked to provide a return address and pay for shipping. Brand impersonations can be very hard to recognize, which is why using browser protection is critical.

Conceal Recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and other perimeter security tools your organization may be using.

_____________

SHA-256: 7aa36b6af4e26f3e690d408d04c810d144179ac784c065fcd8f845b76d2a25c5

This URL was detected by ConcealBrowse on February 9th, 2024. It was originally seen by one security vendor in November of 2023 and is currently detected by 12 vendors for phishing and malicious content. ConcealBrowse successfully intervened with a 28% risk assessment, citing proximity to other malicious sites and possible malware.

This IP was recently linked to a scareware campaign. Scareware is a special type of adware that is designed to scare the user into downloading malicious software. This example tries to convince the user that their machine is infected with malware and that antivirus software is necessary. The pressure caused by the alarming messages may cause users to react and install the malware.

Conceal Recommendation: To prevent these types of attacks, a dynamic scanning engine is required to keep pace with adversaries moving between different URLs. The ability to contain downloaded files and prevent them from executing on the user’s computer is also a necessity when encountering these threats.

Browser-Based Threat Scareware

Scareware found at this domain

_____________

SHA-256: 52b33f982d0e1c9602bace37ca2ef97ba413694f94c14e06aa6dc6515e9dc1676

Browser-Based Threat Fake Storefront

Screenshot of Fake Storefront Page

This URL was detected by ConcealBrowse on February 7th, 2024, the same day other vendors began reporting on it. It was originally flagged by three vendors and is now flagged by six, labelling it as a shopping scam. ConcealBrowse intervened with a 14% risk assessment due to suspicion.

The site is a fake storefront, which is a common scam used to steal payment information such as credit card details. An incomplete website template, such as the filler text in the above image, is a good indicator that none of the products are legitimate. These storefronts typically disappear very quickly to evade detection, which is why ConcealBrowse’s real-time analysis of the site is critical to protect user data.

Conceal Recommendation: Implementing a solution that is capable of scanning the URL down to the web page in real-time is the only way to identify these threats due to how quickly they are stood up and removed by adversaries. Deploying the ConcealBrowse solution to the browser enables you to identify and disrupt novel phishing sites such as this.

_____________

Browser-Based Threat Report: Feb 5

Week of February 5th, 2024

At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of February 5th, 2024, unveils critical insights into the ever-evolving landscape of online threats.

The following report highlights recently detected sites that were deemed suspicious:

_____________

SHA-256: 575e16e99fc8d3ac02f853c6bed65238f23bd6013a7e2321b4c260a171ad5047

browser hijacking

screenshot of homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking

This URL was detected by ConcealBrowse on February 2nd, 2024. It was flagged by four security vendors on December 4th and is still currently flagged by four vendors. ConcealBrowse intervened, assigning the page a 23% risk score due to potential malware.

This is the homepage for a browser extension that was flagged by security vendors for malware, likely due to browser hijacking. Browser hijacking occurs when software changes how your web browser interacts with websites. For example, it may change your home screen to a different search engine or redirect you to malicious websites. While in most cases it is more of a nuisance than nefarious, these types of extensions could easily redirect you to sites that could do more damage or steal your credentials.

Conceal recommendation: This URL and IP should be blocked with ConcealBrowse’s policies and by your other security tools. 

_____________

SHA-256: c81549a6aa1a44d1858feaab9d01060950658b929e39c257b9d2854dd76b1387

This URL was detected by ConcealBrowse on February 1st, 2024. It was originally detected by 4 security vendors the same day, and that number has not changed. ConcealBrowse intervened, assigning the page a 14% risk score due to suspicion.

Although the page has since been removed by Microsoft, this site hosted a tech support scam. Tech support scams will claim that the user’s computer contains malicious software or viruses and prompt them to call a number to remove them. These numbers will pretend to be Microsoft support, but their goal is to steal personal information and money from victims. Sometimes, these scams will go as far as to tell the user to download malware onto their machine so that they can be exploited again in the future.

Conceal recommendation: Although links may originate from legitimate organizations like Microsoft, they can redirect you to unofficial or malicious sites. Unless users verify that the final domain is the one that they intended to visit, they may be unaware of the attack. Solutions, such as ConcealBrowse, that analyze the final destination web page, are crucial in detecting and defending against threats that hide through redirects. 

screenshot of tech support scam URL detected by ConcealBrowse

_____________

SHA-256: 5b9542b700f786e8c7913aae5cef1696bf888ccc555de8ff1be809f4ed4b5363

screenshot of gift card scam page URL detected by ConcealBrowse

Screenshot of a similar page hosted by the same server

This URL was detected by ConcealBrowse on January 30th, 2024. It was first detected by one security vendor on December 29th and is currently detected by 14. ConcealBrowse successfully intervened, assigning the page a 39% risk score.

While the current page no longer exists, it is hosted by a server that contains multiple phishing URLs. The proximity to the malicious IP address allowed ConcealBrowse to detect the page regardless of content. In the past, these sites were used to host gift card scams. Gift card scams trick the user into believing they’ve won a monetary prize, only to redirect them to a malicious website that will steal their personal information and credit card.

Conceal recommendation: Sites like these change their content frequently but often use the same high-risk IP addresses. Blocking all access to this IP with ConcealBrowse, along with your firewall or other perimeter security solution, makes it less likely for users to encounter them.

_____________
