ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

· Published 18/03/2025 09:46 · Modified 18/03/2025 09:59

Essential information

Tags
2025-03-18 blockchain browserupdate clearfake javascript wateringhole
Related entities
30 observables, 8 techniques (mitre)

Description

ClearFake is a malicious framework deployed on compromised websites to deliver malware through drive-by downloads. Threat actors compromise legitimate websites and inject malicious code that redirects users to convincing fake update pages for browsers like Chrome and Edge. These pages prompt users to download updates hosted on platforms such as Dropbox and OneDrive, which actually contain malware payloads. Notably, since late September, ClearFake has altered its code injection tactics and now uses smart contracts from the Binance Smart Chain.

External references