Long-standing malware scams often prey on unsuspecting internet users, and the old trick of prompting website visitors to update their browsers to view content has resurfaced.
The latest twist? The culprits now hide malicious files on an encrypted cryptocurrency blockchain, making their malicious intent harder to neutralize.
New scam called ClearFake causes compromised websites to push visitors a dangerous update
In August 2023, cyber sleuth Randy McEoin shed light on a scam called ClearFake. This mischief targets users via compromised WordPress sites, displaying a message urging them to update their browsers.
It’s eerily precise too. Chrome users, for example, see a Chrome-specific alert. But clicking on the “update” lures users into downloading malicious software designed to steal information. Chrome browser update warning across multiple devices with a tempting blue button in the center.
Credit: Randy McEoin
MORE: YOU ARE A HACKER TARGET WHETHER YOU KNOW IT OR NOT
Shifty cybercriminals evolving to deliver poisonous payloads to you
According to Guardio Labs, a reputable security firm in Tel Aviv, the ClearFake scam has evolved. Initially, the attackers stored their devious files on Cloudflare. However, when Cloudflare clamped down, these perpetrators shifted their operations to the Binance Smart Chain (BSC). This platform supports decentralized apps and automated “smart contracts.” The worst thing is that these payloads of bed stuff called contracts leave no trace behind.
Nati Tal, Guardio Labs’ security chief, explained that these bad actors exploit BSC’s infrastructure, creating what are called malicious ‘contracts.’ Once activated, these contracts are designed to deliver their harmful payloads.
“The strength of these contracts lies in their innovation and accessibility,” Tal stated. “Given the blockchain’s nature, hosting code becomes virtually untouchable, evading any takedown attempts.”
Both scams spread malware and can fool smart people
Guardio believes that the minds behind the BSC malware and ClearFake are the same. Meanwhile, email security experts at Proofpoint have identified multiple groups using fake browser update schemes to spread malware.
Proofpoint further observes that such methods persist because they’re effective. They exploit users’ safety training by posing as trusted sites. Dusty Miller of Proofpoint comments, “Users are conditioned to trust updates from known sources. These scams manipulate that trust, making users believe they’re on a legitimate site, urging a browser update.”
MORE: HOW TO OUTSMART CRIMINAL HACKERS BY LOCKING THEM OUT OF YOUR DIGITAL ACCOUNTS
What you need to do next to protect yourself
Always stay vigilant online! By far, the single best thing you can do for yourself and those you love is to make yourself resilient against attacks like these in the first place. Invest in strong antivirus protection on all of your devices and keep all operation software updated at all times. The best way to protect yourself is to have antivirus protection installed on all your devices. Strong antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.
Special deal for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
See the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices.
A Texas mom says she spent the night in jail after speaking up online about dirty water in her town. The case was later dropped, but her story raises a troubling question: could something you post online ever put you at risk?
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s Prime Day picks for useful gadgets, practical upgrades and everyday tech while the deals last.
Kurt’s key takeaways
These scams are designed to trick you into downloading malware that can damage your devices and expose your personal information. Don’t fall for any browser update alerts that pop up on suspicious websites. They could be hiding malicious files that can infect your system. Always check for updates on the official browser websites, and protect yourself with strong antivirus protection.
What steps have you taken to protect yourself from malware? Let us know by commenting below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Answers to the most asked CyberGuy questions:
- What is the best way to protect your Mac, Windows, iPhone, and Android devices from getting hacked?
- What is the best way to stay private, secure, and anonymous while browsing the web?
- How can I get rid of robocalls with apps and data removal services?
Copyright 2023 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
5 comments
Good tip