Analysis of ClearFake, a newcomer to the "fake updates" threats landscape 🕵️

Sekoia.io analysts investigated ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver further malware using the drive-by download technique. ClearFake is another "fake updates" threat that relies on social engineering to trick the user into running a fake web browser update, in the same way as the SocGholish and FakeSG malware. We analysed ClearFake in depth and shared the results of our investigation in FLINT 2023-037 (ClearFake: a newcomer to the "fake updates" threats landscape). This report presents a technical analysis of the ClearFake installation flow, the malware delivered by ClearFake, the C2 infrastructure and tracking opportunities.

Related resources:

* [FLINT 2023-037 - ClearFake: a newcomer to the "fake updates" threats landscape](https://app.sekoia.io/intelligence/objects/report--8310d95a-13e3-4b85-aedb-10e90e5c55f9)
* [ClearFake malware page](https://app.sekoia.io/intelligence/objects/malware--e7f69975-8554-4b18-93f2-a1ab35b3d699)