ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The ClearFake campaign, utilizing fake reCAPTCHA and Cloudflare Turnstile verifications, has infected over 9,300 websites to spread information-stealing malware. The campaign, known for its evolving tactics, employs EtherHiding and ClickFix to deliver Lumma Stealer and Vidar Stealer, with the latest iteration incorporating Web3 capabilities for resilience. As social engineering campaigns become more sophisticated, organizations must implement robust authentication and access-control mechanisms to protect against evolving threats.