Long-standing malware scams often prey on unsuspecting internet users, and the old trick of prompting website visitors to update their browsers to view content has resurfaced.
The latest twist? The culprits now hide malicious files on an encrypted cryptocurrency blockchain, making their malicious intent harder to neutralize.
New scam called ClearFake causes compromised websites to push visitors a dangerous update
In August 2023, cyber sleuth Randy McEoin shed light on a scam called ClearFake. This mischief targets users via compromised WordPress sites, displaying a message urging them to update their browsers.
It’s eerily precise too. Chrome users, for example, see a Chrome-specific alert. But clicking on the “update” lures users into downloading malicious software designed to steal information. Chrome browser update warning across multiple devices with a tempting blue button in the center.
Credit: Randy McEoin
MORE: YOU ARE A HACKER TARGET WHETHER YOU KNOW IT OR NOT
Shifty cybercriminals evolving to deliver poisonous payloads to you
According to Guardio Labs, a reputable security firm in Tel Aviv, the ClearFake scam has evolved. Initially, the attackers stored their devious files on Cloudflare. However, when Cloudflare clamped down, these perpetrators shifted their operations to the Binance Smart Chain (BSC). This platform supports decentralized apps and automated “smart contracts.” The worst thing is that these payloads of bed stuff called contracts leave no trace behind.
Nati Tal, Guardio Labs’ security chief, explained that these bad actors exploit BSC’s infrastructure, creating what are called malicious ‘contracts.’ Once activated, these contracts are designed to deliver their harmful payloads.
“The strength of these contracts lies in their innovation and accessibility,” Tal stated. “Given the blockchain’s nature, hosting code becomes virtually untouchable, evading any takedown attempts.”
Both scams spread malware and can fool smart people
Guardio believes that the minds behind the BSC malware and ClearFake are the same. Meanwhile, email security experts at Proofpoint have identified multiple groups using fake browser update schemes to spread malware.
Proofpoint further observes that such methods persist because they’re effective. They exploit users’ safety training by posing as trusted sites. Dusty Miller of Proofpoint comments, “Users are conditioned to trust updates from known sources. These scams manipulate that trust, making users believe they’re on a legitimate site, urging a browser update.”
MORE: HOW TO OUTSMART CRIMINAL HACKERS BY LOCKING THEM OUT OF YOUR DIGITAL ACCOUNTS
What you need to do next to protect yourself
Always stay vigilant online! By far, the single best thing you can do for yourself and those you love is to make yourself resilient against attacks like these in the first place. Invest in strong antivirus protection on all of your devices and keep all operation software updated at all times. The best way to protect yourself is to have antivirus protection installed on all your devices. Strong antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.
Special deal for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
See the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt’s key takeaways
These scams are designed to trick you into downloading malware that can damage your devices and expose your personal information. Don’t fall for any browser update alerts that pop up on suspicious websites. They could be hiding malicious files that can infect your system. Always check for updates on the official browser websites, and protect yourself with strong antivirus protection.
What steps have you taken to protect yourself from malware? Let us know by commenting below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Answers to the most asked CyberGuy questions:
- What is the best way to protect your Mac, Windows, iPhone, and Android devices from getting hacked?
- What is the best way to stay private, secure, and anonymous while browsing the web?
- How can I get rid of robocalls with apps and data removal services?
Copyright 2023 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE:
5 comments
Good tip