Kaspersky Reveals 'Sites with Undefined Trust Level' as Major Online Threat – Fake Extensions Top Global Danger

Breaking: Kaspersky has introduced a new web filtering category—'Sites with an undefined trust level'—to combat a growing class of online threats that operate in a legal grey zone. According to data from January 2026, fake browser extensions mimicking security products have become the most widespread such threat, detected in 9 out of 10 regions analyzed worldwide.

These malicious extensions intercept browser data, track user activity, hijack search queries, and inject ads, posing a severe risk to millions of internet users. Kaspersky's security systems now automatically flag these sites using advanced analysis of domain name, age, IP reputation, DNS configuration, HTTP security headers, and SSL certificates.

Background

A suspicious website—unlike a traditional phishing site that steals credentials—manipulates victims into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosing personal data through carefully crafted terms of service. Examples include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions that are nearly impossible to cancel.

"These sites exploit a legal loophole by using complex terms of service to make activities appear legitimate," said Anna Larkina, senior security researcher at Kaspersky. "They don't trigger standard phishing alerts, making them particularly insidious."

Regional Hotspots

Kaspersky's regional statistics reveal distinct patterns: in Africa, over 90% of the top 10 suspicious websites are online trading scam platforms. Latin America sees a predominance of fake betting services, while in Russia, fraudulent binary options brokers and "educational platforms" with hidden subscriptions lead the way. In CIS countries, crypto scams and bots for inflating social media engagement dominate.

"Cybercriminals tailor their tactics to local economic trends and cultural behaviors," Larkina added. "Our new category helps users stay ahead of these constantly evolving threats."

Key Indicators to Watch

To help users identify these dangerous sites, Kaspersky recommends checking for these red flags:

• Strange domain names with numbers or random characters
• Cheap top-level domains like .xyz, .top, or .shop
• Recently registered domains (less than 6 months old per WHOIS data)
• Unrealistic promises such as "100% guaranteed income" or "up to 300% profit"
• Lack of company contact information
• Payments only via cryptocurrency or irreversible bank transfers

Users are advised to avoid entering personal data or making payments on any site displaying multiple indicators from this list.

What This Means

The introduction of this new filtering category marks a significant shift in cybersecurity strategy. Rather than relying solely on binary phishing vs. legitimate classification, Kaspersky is now proactively flagging sites that exploit grey-area tactics. For consumers, this means greater protection against manipulative subscription traps and fraudulent financial platforms.

"The online threat landscape is no longer just about stolen passwords—it's about psychological manipulation," Larkina concluded. "Our new category gives users a powerful early-warning system against these emerging risks." As fake browser extensions and region-specific scams continue to rise, staying informed and vigilant remains the best defense.