The threat group behind the SocGholish campaigns is likely responsible for the ClearFake malware delivery campaign, which uses compromised WordPress sites to push malicious fake browser updates.

Researchers Warn of Increased Malware Delivery via Fake Browser Updates

A threat group known as ClearFake is using compromised WordPress sites to distribute malicious fake browser updates. Researchers believe that ClearFake is likely operated by the same group behind the SocGholish campaigns. The attackers inject JavaScript into compromised sites, which downloads a payload that creates a fake update interface. Visitors are then tricked into downloading malware disguised as a legitimate browser update. The malware delivered includes HijackLoader, which has been used to distribute various types of malware. Other threat groups have also been observed using similar tactics. To protect against these attacks, organizations should focus on user education, endpoint protection, and network detection.
