Clearfake

Malware updated 23 days ago (2024-11-29T14:49:27.731Z)
Download STIX
Preview STIX
ClearFake is a malicious software, or malware, that has been identified as a significant threat to cybersecurity. Its primary method of propagation is through fake browser updates, encouraging users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to infiltrate user devices, often without their knowledge. Once inside the system, ClearFake can steal personal information, disrupt operations, or hold data hostage for ransom. The campaign predominantly targets macOS systems with an information-stealing malware named AMOS. The ClearFake campaign was widely identified in April, compromising legitimate websites with malicious HTML and JavaScript under the guise of browser update activities. This strategy allows it to evade detection and gain unauthorized access to user's systems. The malware has been linked to another malware campaign known as ClickFix. However, according to various analysts, despite some similarities, there are numerous differences between these two campaigns, indicating they are likely separate activity clusters. Furthermore, it's important to note that ClearFake is part of a broader trend of bad actors manipulating red-team tools to evade detection. These tools, typically used by cybersecurity professionals to test system vulnerabilities, are being co-opted for malicious purposes. The increasing sophistication of such tactics underscores the importance of ongoing vigilance and advanced security measures to protect against evolving cybersecurity threats.
Description last updated: 2024-11-05T22:02:48.325Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Amos is a possible alias for Clearfake. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to it
3
Socgholish is a possible alias for Clearfake. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof
3
Atomic Stealer is a possible alias for Clearfake. The Atomic Stealer is a type of malware that poses a significant threat to macOS devices. This malicious software infiltrates systems, often unbeknownst to the user, through suspicious downloads, emails, or websites. Once installed, it has the potential to steal personal information, disrupt operati
2
Clickfix is a possible alias for Clearfake. ClickFix is a malicious software (malware) that has been actively exploiting computers and devices, primarily through fake WordPress plug-ins. The malware campaign leverages these bogus plug-ins to inject JavaScript that leads to ClickFix fake browser updates. These updates use blockchain and smart
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Safari
PowerShell
Macos
Chrome
Malwarebytes
Wordpress
Scam
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Vextrio Threat Actor is associated with Clearfake. Vextrio, a significant threat actor in the cybercrime landscape, has been uncovered as a major traffic broker for cybercriminals by Check Point Research's January 2024 Most Wanted Malware report. The group operates Vextrio Viper, a Traffic Distribution System (TDS) network established in 2020, whichUnspecified
2
Source Document References
Information about the Clearfake Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Malwarebytes
a day ago
InfoSecurity-magazine
2 months ago
DARKReading
2 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
DARKReading
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago