New CypherLoc Scareware Kit Implements Sophisticated Browser Locks

Researchers report a large-scale browser-manipulation campaign using the 'CypherLoc' scareware kit to run technical support scams since early 2026, citing roughly 2.8 million attacks. The kit is delivered via phishing landing pages, uses cryptographic gating to evade automated scanners, then forcibly takes over the browser (fullscreen, disabled context menus, hidden cursor), plays persistent alert audio, displays victims' public IPs, disables login forms, and launches recovery-disrupting loops if developer tools are opened; organizations are advised to deploy robust anti-phishing filters and modern endpoint protections.