ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
Briefly

The ClearFake campaign targets users through fake reCAPTCHA and Cloudflare verifications, tricking them into downloading malware such as Lumma and Vidar Stealer. Highlighted since July 2023, the campaign exploits compromised WordPress sites to lure victims with fake browser updates. Recent developments include the use of social engineering tactics such as ClickFix, which pressures users into executing harmful PowerShell scripts. Enhanced by techniques like EtherHiding and interactions with Binance Smart Chain, the campaign creates a robust malware distribution network targeting both Windows and macOS systems.
The latest iteration of the ClearFake framework marks a significant evolution, adopting Web3 capabilities to resist analysis and encrypting the ClickFix-related HTML code.
ClearFake attacks have adopted what has by now come to be known as ClickFix, a social engineering ploy that involves deceiving users into running malicious PowerShell code.
Read at The Hacker News