Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

Barracuda researchers report a large-scale (≈2.8M) browser-based scareware campaign dubbed "CypherLoc" that begins with phishing links to malicious pages which only activate under specific conditions (hidden URL fragments and integrity checks). Once triggered the script forces full-screen browser locks, disables normal controls, plays warning sounds, displays the victim’s IP and a fake login, and prominently shows a fraudulent tech-support phone number; human operators then impersonate Microsoft support to continue the scam. The malware uses delayed activation and anti-analysis techniques to evade detection; Barracuda recommends anti-phishing defenses, browser/endpoint protections, and user education.