The ever-changing environment of online scams is posing a growing threat to internet users. An example of a scam that has returned with a modern twist is the fake browser update scam. In this blog, we will examine the specifics of the recent scam known as ClearFake, including information on its methods, sources, and security steps you may take.
How It Started?
Cybersecurity specialist Randy McEoin discovered the internet scam known as ClearFake in August of 2023. Users are the main target of this harmful technique through WordPress websites that have been hijacked. A convincing message asking users to upgrade their web browsers appears when they visit these hacked websites. This scam is especially disconcerting because of how accurate it is; for example, users of Chrome are shown a notice tailored just for Chrome, replete with an enticing blue “update” button in the middle. Nevertheless, by clicking this button, people download dangerous software that is meant to steal their personal data.
Evolution of ClearFake
Renowned security company Guardio Labs kept a careful eye on the ClearFake scam’s evolution. The infected files used in the scam were first kept on the content delivery network Cloudflare by the attackers. But the con artists changed when Cloudflare put in place stronger safety precautions. They changed their business to operate on the Binance Smart Chain (BSC), a decentralized application platform with automated “smart contracts.” This is unique, making identification and mitigation extremely difficult.
Include Image Here
According to Guardio Labs’ chief security officer, Nati Tal, these scammers take advantage of the BSC by constructing what are referred to as harmful “contracts.” These contracts are intended to release their destructive payloads once they are triggered. The innovative and accessible nature of these contracts is crucial, as Tal noted: “Given the nature of the blockchain, hosting code becomes virtually untouchable, avoiding any takedown attempts.”
BSC Malware and ClearFake
According to Guardio Labs, the perpetrators of the ClearFake fraud and the BSC virus are the same person. This points to a network of cybercriminals who are hard at work taking advantage of people by using fake browser update techniques. In the meanwhile, Proofpoint’s email security specialists have discovered many gangs disseminating malware using the same strategies. They emphasize that these strategies continue to be used because they are successful in influencing people’s confidence in reputable websites by impersonating them and convincing them to upgrade their browsers.
Dusty Miller of Proofpoint said: “Users are conditioned to trust updates from known sources. These scams manipulate that trust, making users believe they’re on a legitimate site, urging a browser update.”
Protecting Yourself from ClearFake and Similar Scams
In the face of this evolving threat, it’s crucial to remain awake while browsing the internet. Here are essential steps to protect yourself and your loved ones:
Invest in Strong Antivirus Protection
The most effective measure you can take is to have strong antivirus protection installed on all your devices. Such software actively scans your system for malware, warns you against clicking on malicious links in phishing emails, and ultimately safeguards you from hacking.
Keep Software Updated
Regularly update the operating system and all software on your devices. Software updates often include important security patches that help protect your system from viruses.
Verify Updates from Official Sources
Instead of blindly clicking on browser update prompts, always verify updates through official browser websites. This minimizes the risk of falling for fake updates that include malware.
The ClearFake scam is a serious extension of the problem of fake browser updates. It conceals dangerous files on a blockchain and sends targeted messages to users on hacked websites, making it difficult to stop the threat. Invest in robust antivirus software, keep your software updated, and be careful of update notices if you want to stay safe. You can protect your gadgets and personal information from these constantly changing internet scams by being aware and alert. For this, keep following Scam Legit.