ClearFake Enters the Fake Browser Update Arena to Deliver Malware

SEKOIA identified a threat called ClearFake that uses compromised WordPress sites to distribute malicious fake browser updates. SocGholish operators successfully leveraged this technique in 2022, which indicates that the same threat group is likely behind the new ClearFake malware. The IOCs associated with the threat have been made available to help understand the attackers' infrastructure, attack pattern, and activities.

