'Glemurguide.club' Pop-Ups

The 'Glemurguide.club' pop-ups originate from the Glemurguide.club site that is registered to the 160.153.78.160 IP address. However, we found that the site has half a dozen clones, among which are: glemurpro[.]club, glemurshop[.]club, glemurweb[.]club, glemurtech[.]club, glemurlab[.]club and glemurworld[.]club. These pages are used to present Web surfers with misleading information and claim that the user's PC is infected with spyware and viruses that can cause damage to the Microsoft's network if the user does not call a dedicated phone number. The 'Glemurguide.club' alerts are identified as fake security warnings, which suggest users call a toll-free phone number and ask for help with removing threats from their devices. The 'Glemurguide.club' false warnings may feature titles like 'Error # 3658d5546db22ca', 'Error #268D3' and 'Your Windows has been blocked' and might be accompanied by an audio recording that says:

'Critical alert from Microsoft, your computer has alerted us that your computer is infected with virus and or spyware.
This virus may be sending your credit card details, Facebook login, personal emails to hackers remotely.
Please call us immediately at the toll-free phone number listed so that our engineers can guide you through the removal process.
If you close this message, we will be forced to disable your computer to prevent further damage to our network.

We have discovered that the 'Glemurguide.club' pop-ups may promote the 888-448-5333 helpline, which is operated by Techaidusa.com. The site does not appear to offer legitimate services and has no pricing model available. A deeper investigation into Glemurguide.club and Techaidusa.com uncovered that the 888-448-5333 could be found on pages registered to the 166.62.27.144 IP address. We followed the leads, and we discovered that the 888-448-5333 is listed with other businesses and many "tech support guides" published via Itphonenumber[.]com. Pages that are not connected to Glemurguide.club directly appeared to offer similar content and recommend users call the following phone lines:

• 844-819-3386
• 888-828-4852
• 888-866-2166

When users loaded phishing portals identical to Glemurguide.club the following message box appeared on their screens:

'[SITE NAME] is requesting your username and password. The site says: "the server reports that is from windows . your windows license has been corrupted. enter user and password or contact windows help desk at Toll Free…"
User name: [TEXT BOX]
Password: [TEXT BOX]
[OK|BUTTON] [Cancel|BUTTON]'

The rabbit hole started at Glemurguide.club and lead us to the 166.62.27.144 IP where we found nearly a dozen questionable "tech support guides" and phishing pages like microsoftlivehelp[.]com, which claimed to offer help from certified experts at Microsoft Corp. It is recommended that you avoid interaction with Glemurguide.club and pages that suggest your PC is compromised and you need to call a toll-free helpline. Cyber security experts warn that calling fake technical support desks may result in a security compromise and the loss of money. You might want to add a credible anti-spyware tool that can recognize pages like Glemurguide.club and block them. The following pages are related to questionable technical support services and are known to use names of trusted companies:

• h[tt]p://www.itphonenumber[.]com/hp-printer-customer-service
• h[tt]p://cogecoemail.supportno[.]com/
• h[tt]p://ezaplabs[.]com/zxc/dropbox/spacebox
• h[tt]p://lenovolaptop.supportno[.]com/
• h[tt]p://pc1488.bentleybugg[.]com
• h[tt]p://rocketmail.supportno[.]com/
• h[tt]p://travomint.supportno[.]com/
• h[tt]p://www.esolutionsupport[.]com/mozilla-firefox-technical-support
• h[tt]p://www.itphonenumber[.]com/cox-customer-service
• h[tt]p://www.itphonenumber[.]com/earthlink-customer-service
• h[tt]p://www.microsoftlivehelp[.]com/error-code-30175-4.php
• h[tt]p://www.microsoftlivehelp[.]com/mchat/chat.php?a=4dd63