Skip to content

ClearFake Scam Strikes: Beware of the New Wave of Sneaky Browser Update Tricks

  • 4 min read
Update Your google Chrome Browser

Get ready for a rollercoaster ride through the latest cyber threat – the fake browser update scam is back with a bang, sporting a slick modern twist that’s catching users off guard. Keep your eyes peeled for this devious scheme.

The classic ploy of tricking users into updating their browsers to access content and critical information has resurfaced, but this time, the game has changed. Cybercriminals are taking it up a notch by stashing their malicious malware files in encrypted cryptocurrency blockchains to keep their malicious files off the radar of security experts and law enforcement, adding an extra layer of stealth to their nefarious schemes.

Meet ClearFake, the newfound troublemaker that’s turning innocent website visits into dangerous encounters. Unveiled by cyber sleuth Randy McEoin in August 2023, this mischief-maker operates through compromised WordPress sites, coaxing users into a seemingly harmless browser update. But beware, it’s a precision attack. What makes ClearFake particularly insidious is its tailored fake browser alerts, matching the user’s browser, for instance, Chrome users receive a prompt mimicking a legitimate Chrome update. Unfortunately clicking on that innocent-looking update button leads users into the trap of downloading software designed to pilfer sensitive personal information.

According to the vigilant online security experts at Guardio Labs, ClearFake has undergone a shape-shifting evolution. The scam’s initial move was to store their malware files on Cloudflare, but when Cloudflare played hardball, these sly operators found refuge in the Binance Smart Chain (BSC). This blockchain platform, supporting decentralized apps and clever smart contracts, has become their new playground.

Nati Tal, a cybersecurity specialist at Guardio Labs, explained that these cybercriminals are exploiting BSC’s infrastructure to create malicious contracts that, once activated, release harmful malware targeted at gaining your personal information. Tal emphasizes, “The strength of these contracts lies in their innovation and accessibility. Given the blockchain’s nature, hosting code becomes virtually untouchable, evading any takedown attempts.”

Guardio suspects the cybercriminals are behind both the BSC malware and ClearFake. BSC responded to the issue by stating that its team is actively addressing the issue. All addresses associated with the malware have been blacklisted, and the company is implementing measures to detect and mitigate future threats proactively. 

Meanwhile, Proofpoint, an American cybersecurity company has identified a more complex landscape with at least four distinct groups using fake browser update scams to spread malware. It’s a digital jungle out there, and these scams persist because they’re shockingly effective, manipulating users’ trust in updates from familiar sources.

So, how do you protect yourself? It’s all about staying vigilant online. Invest in robust antivirus protection for all your devices, and keep your operating software up to date. And always check for updates directly from the official browser websites. Also if you didn’t go online to look for it, don’t install it. 

How Does Dot Marketing Protect Your Website?

We protect your website with our hosting and maintenance services which include updating all plugins and themes, daily malware scanning, and daily backups of your website.

Updating your plugins and themes is simple, but is often a forgotten maintenance step that can help prevent many issues with your website. Not only does this help with adding new features and preventing compatibility issues, but can fix known vulnerabilities that hackers can use to compromise your website if the plugin is out of date.

Another preventative measure we use is daily malware scanning which can inform us of any plugins with known vulnerabilities and available updates if any. This allows us to monitor the plugin updates or find an alternative option until a fix is deployed. The scans will also alert us to changes in code which can be reviewed to see if there are any intrusions on the website.

In the event that your website does become compromised, we have options as well. We do daily backups of all of our websites, which allow us to identify issues immediately and then revert the website to a previous backup and fix any vulnerabilities. 

Dot Marketing is committed and dedicated to assisting you in strengthening your cybersecurity defenses. Our team of IT professionals can assist you in evaluating your security vulnerabilities, formulating a strong defense strategy, and providing comprehensive education for you and your staff on best practices. To learn more about how we can safeguard against cybersecurity threats, visit our site at or contact our sales team directly today at (605) 519-5740.