ClearFake Campaign Expands, Compromising Over 9,000 Sites with Fake Security Lures
The ClearFake cyberattack, first discovered in 2023, has grown into a more dangerous threat. Originally using fake browser update pop-ups, ClearFake now tricks people by pretending to be security checks, like fake reCAPTCHA or Cloudflare Turnstile verifications. These false alerts lead users to unknowingly download harmful software, such as Lumma Stealer and Vidar Stealer.
A new tactic called ClickFix has emerged, where attackers fool users into running harmful commands disguised as fixes for technical problems. This results in even more dangerous software being installed on the victim's computer. ClearFake has also started using advanced technology, like blockchain, to hide its tracks and make it harder to detect.
The campaign is growing, with over 9,300 websites now compromised, potentially affecting nearly 200,000 users by mid-2024. Recently, ClearFake has targeted auto dealership websites through a third-party video service, showing the increasing risk of attacks that spread through other companies.
These actions are part of a larger trend of sophisticated cyberattacks, including phishing campaigns and new types of malware. Experts are urging businesses and individuals to implement strong security measures, like better authentication systems and continuous monitoring, to protect against these growing threats.
As cyberattacks continue to evolve, it’s crucial for everyone to stay informed, practice good security habits, and use the latest defense tools to protect themselves from these complex threats.
Source: https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html