{"id":250517,"date":"2026-05-20T06:00:00","date_gmt":"2026-05-20T10:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/researchers-warn-cypherloc-scareware-has-targeted-millions-of-users\/"},"modified":"2026-05-20T12:10:18","modified_gmt":"2026-05-20T16:10:18","slug":"researchers-warn-cypherloc-scareware-has-targeted-millions-of-users","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/researchers-warn-cypherloc-scareware-has-targeted-millions-of-users\/","title":{"rendered":"Researchers Warn CypherLoc Scareware Has Targeted Millions of Users"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-cypherloc-scareware\/\">Researchers Warn CypherLoc Scareware Has Targeted Millions of Users<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-cypherloc-scareware\/\">https:\/\/www.infosecurity-magazine.com\/news\/researchers-cypherloc-scareware\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 06:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Security researchers have sounded the alarm over new scareware designed to lock users\u2019 browsers and drive them to fraudulent tech support teams.<\/p>\n<p>Since the start of 2026, Barracuda researchers\u00a0said they have observed around 2.8 million attacks which used the scareware dubbed CypherLoc.<\/p>\n<p>According to the cybersecurity firm, the\u00a0CypherLoc campaign usually begins with a phishing email that directs the victim to a malicious web page through a link embedded in the email or in an attachment.<\/p>\n<p>A harmless malicious web page is loaded, only triggering the full scareware environment if several conditions are met.<\/p>\n<p>\u201cThe code only decrypts when the page is opened under the right conditions: when the required URL fragment hash is present and the page passes a series of cryptographic integrity checks,\u201d Barracuda explained in an article.\u00a0<\/p>\n<p>\u201cIf the hidden fragment is missing or the page is being opened in a scanner, sandbox or test environment, the malicious payload refuses to run, and the page redirects to a blank screen. This hides the attack from security tools.\u201d<\/p>\n<p>Read more on scareware: Fake Obituary Sites Send Grievers to Porn and Scareware Pages<\/p>\n<p>What follows is a series of actions designed to discomfort the user:<\/p>\n<ul>\n<li>The browser switches to full-screen mode, disabling context menus, hiding the cursor, and flooding the screen with overlays<\/li>\n<li>Any attempt to regain control triggers a \u201crelock\u201d<\/li>\n<li>A fake security page plays warning sounds whenever the user clicks<\/li>\n<li>This extra activity might slow the browser or cause it to crash<\/li>\n<li>CypherLoc retrieves and displays the user\u2019s IP address<\/li>\n<li>A login popup is show to the user which escalates the sense of panic when it doesn\u2019t work<\/li>\n<\/ul>\n<p>\u201cA fraudulent support phone number\u00a0is prominently displayed on the screen throughout the attack and presented as the\u00a0only\u00a0way to fix the problem,\u201d Barracuda continued. \u201cWhen victims call the number,\u00a0human operators posing as Microsoft support staff\u00a0take over and continue the scam&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-cypherloc-scareware\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers Warn CypherLoc Scareware Has Targeted Millions of Users https:\/\/www.infosecurity-magazine.com\/news\/researchers-cypherloc-scareware\/ Publish Date: 2026-05-20 06:00:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":250518,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/095705ee-aebb-43cf-933e-4324fb3421f8.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-250517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250517"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=250517"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250517\/revisions"}],"predecessor-version":[{"id":250519,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250517\/revisions\/250519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/250518"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=250517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=250517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=250517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}