Kaspersky Flags New Class of 'Gray Zone' Websites: Undefined Trust Level Threat Explodes Globally
Breaking: Kaspersky Unveils New Web Threat Category – 'Sites with an Undefined Trust Level'
January 2026 – Cybersecurity firm Kaspersky has introduced a groundbreaking web filtering category: Sites with an undefined trust level, targeting websites that operate in a legal gray zone—neither strictly phishing nor safe. This new classification now powers its security products, including Kaspersky Premium and its mobile apps.
According to Kaspersky data for January 2026, the most widespread global threat is fake browser extensions mimicking security products, detected in 9 out of 10 regions worldwide. These extensions intercept browser data, track user activity, hijack search queries, and inject malicious ads.
How Suspicious Sites Work
Suspicious websites cannot be definitively labeled as phishing, but their activities are inherently unsafe. They manipulate users into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosing personal data through carefully crafted terms of service. Examples include fake online stores, dubious crypto exchanges, investment platforms, and services with paid subscriptions.
Kaspersky’s system detects these threats by analyzing domain name and age, IP address reputation, DNS configuration, HTTP security headers, and SSL certificates—all automatically.
“These gray-zone sites are designed to exploit the trust gap. They don’t overtly steal credentials, but they trick users into handing over money or data willingly,” says Marina Titova, lead security researcher at Kaspersky. “Our new category helps users avoid traps that traditional phishing filters miss.”
Background: What Makes a Site Suspicious?
Unlike phishing sites that directly steal login credentials, suspicious websites rely on psychological manipulation. Their owners hide behind legal loopholes, such as no-refund policies or automatic subscription renewals buried in terms of service. Users often realize the trap only after paying for goods that never arrive or after being locked into recurring charges.
Indicators to watch include strange domain names with numbers or random characters, cheap top-level domains (.xyz, .top, .shop), newly registered domains (less than 6 months old), unrealistic promises like “100% guaranteed income,” lack of company contact information, and payment options restricted to cryptocurrency or irreversible bank transfers.
Regional Threat Breakdown
Kaspersky’s regional statistics show distinct patterns:
- Africa: Over 90% of top suspicious websites are online trading scam platforms.
- Latin America: Fake betting services dominate.
- Russia: Fake binary options brokers and “educational platforms” with fraudulent subscriptions lead.
- CIS countries: Crypto scams and bots for inflating engagement are most common.
This geographic diversity underscores the adaptability of these threats, targeting local economic interests and digital behaviors.
What This Means for Users
The rise of gray-zone websites signals a shift in cybercriminal tactics—away from straightforward phishing toward more sophisticated manipulation. Users must now scrutinize not just the technical security of a site but also its business practices.
Practical steps: Always verify domain registration age, check for clear contact information, be skeptical of “too good to be true” offers, and avoid sites that push cryptocurrency-only payments. For businesses, enabling Kaspersky’s new filtering category can help block these threats before employees or customers encounter them.
As Titova warns, “In a digital world where trust is often assumed, these sites exploit that very assumption. Staying informed is your best defense.”
— Reporting by Kaspersky, January 2026