ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users into downloading counterfeit browser updates. By May 2024, ClearFake had adopted the new social engineering tactic ClickFix, which displays fake error messages in the web browser and deceives users into copying and executing malicious PowerShell code that ultimately infects their systems.

The Sekoia Threat Detection & Research (TDR) team discovered that since December 2024, ClearFake has included new lures. This latest variant uses fake reCAPTCHA or Cloudflare Turnstile verifications, along with fake technical issues, to trick users into resolving these CAPTCHA challenges and ultimately executing malicious PowerShell code.

The following publication, ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery, is an article from Sekoia.io Blog.

This article has been indexed from Sekoia.io Blog
