Analysis of ClearFake, a newcomer to the "fake updates" threats landscape 🕵️

Sekoia.io analysts investigated ClearFake, a new malicious JavaScript framework deployed on compromised websites to deliver further malware via drive-by download. ClearFake is another "fake updates" threat that uses social engineering to trick the user into running a fake web browser update, as with the SocGholish and FakeSG malware.

We analysed ClearFake in depth and shared the results of our investigation in FLINT 2023-037 (ClearFake: a newcomer to the "fake updates" threats landscape). It presents a technical analysis of the ClearFake installation flow, the malware delivered by ClearFake, the C2 infrastructure and tracking opportunities.
