Analysis of ClearFake, a newcomer to the "fake updates" threats landscape

🕵️ Analysts investigated ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver further malware using the drive-by download technique. ClearFake is another "fake updates" threat that uses social engineering to trick the user into running a fake web browser update, as the SocGholish and FakeSG malware do.

We analysed ClearFake in depth and shared the results of our investigation in FLINT 2023-037 (ClearFake: a newcomer to the "fake updates" threats landscape). The report aims to present a technical analysis of the ClearFake installation flow, the malware delivered by ClearFake, the C2 infrastructure and tracking opportunities.

Related resources:

* FLINT 2023-037 - ClearFake: a newcomer to the "fake updates" threats landscape
* ClearFake malware page