Skip to main content

All new tricky threat of the fake browser update scam

Beware of fake browser scams, including ClearFake and BSC malware, because they can exploit users by hacking into their accounts to steal personal data.

Long-standing malware scams often prey on unsuspecting internet users, and the old trick of prompting website visitors to update their browsers to view content has resurfaced. 

The latest twist? The culprits now hide malicious files on an encrypted cryptocurrency blockchain, making their malicious intent harder to neutralize. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

New scam called ClearFake causes compromised websites to push visitors a dangerous update 

In August 2023, cyber sleuth Randy McEoin shed light on a scam called ClearFake. This mischief targets users via compromised WordPress sites, displaying a message urging them to update their browsers. 

It's eerily precise too. Chrome users, for example, see a Chrome-specific alert, a browser update warning across multiple devices with a tempting blue button in the center.But clicking on the "update" lures users into downloading malicious software designed to steal information.

Shifty cybercriminals evolving to deliver poisonous payloads to you 

According to Guardio Labs, a reputable security firm in Tel Aviv, the ClearFake scam has evolved. Initially, the attackers stored their devious files on Cloudflare. However, when Cloudflare clamped down, these perpetrators shifted their operations to the Binance Smart Chain (BSC).

MORE: YOU ARE A HACKER TARGET WHETHER YOU KNOW IT OR NOT  

This platform supports decentralized apps and automated "smart contracts." The worst thing is that these payloads of bad stuff leave no trace behind. 

Nati Tal, Guardio Labs' security chief, explained that these bad actors exploit BSC's infrastructure, creating what are called malicious "contracts." Once activated, these contracts are designed to deliver their harmful payloads. 

"The strength of these contracts lies in their innovation and accessibility," Tal stated. "Given the blockchain's nature, hosting code becomes virtually untouchable, evading any takedown attempts." 

GET MORE OF MY SECURITY ALERTS, QUICK TIPS & EASY VIDEO TUTORIALS WITH THE FREE CYBERGUY NEWSLETTER - CLICK HERE

Both scams spread malware and can fool smart people 

Guardio believes that the minds behind the BSC malware and ClearFake are the same. Meanwhile, email security experts at Proofpoint have identified multiple groups using fake browser update schemes to spread malware. 

Proofpoint further observes that such methods persist because they're effective. They exploit users' safety training by posing as trusted sites. Dusty Miller of Proofpoint comments, "Users are conditioned to trust updates from known sources. These scams manipulate that trust, making users believe they're on a legitimate site, urging a browser update." 

MORE: HOW TO OUTSMART CRIMINAL HACKERS BY LOCKING THEM OUT OF YOUR DIGITAL ACCOUNTS   

What you need to do next to protect yourself 

Always stay vigilant online! By far, the single best thing you can do for yourself and those you love is to make yourself resilient against attacks like these in the first place. Invest in strong antivirus protection on all of your devices and keep all operation software updated at all times.

The best way to protect yourself is to have antivirus protection installed on all your devices. Strong antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked. 

SEE THE BEST 2023 ANTIVIRUS PROTECTION WINNERS FOR YOUR WINDOWS, MAC, ANDROID & iOS DEVICES

Kurt's key takeaways 

These scams are designed to trick you into downloading malware that can damage your devices and expose your personal information. Don’t fall for any browser update alerts that pop up on suspicious websites. They could be hiding malicious files that can infect your system. Always check for updates on the official browser websites and protect yourself with strong antivirus protection. 

What steps have you taken to protect yourself from malware? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Answers to the most asked CyberGuy questions: 

What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked? 

What is the best way to stay private, secure and anonymous while browsing the web? 

How can I get rid of robocalls with apps and data removal services? 

Copyright 2023 CyberGuy.com. All rights reserved. 

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.