Updated on June 22, 2026

ClearFake

ClearFake is a malicious JavaScript framework used on compromised websites to spread malware via the drive-by download technique, tricking users into running fake web browser updates and installing malware.

ClearFake is a new malicious JavaScript framework used on compromised websites to spread malware with a drive-by download technique.

Specifically, its operators use social engineering to trick the user into running a fake web browser update and installing malware.

Its name “ClearFake” refers to the JavaScript code injected in clear text into websites compromised by its operators.

Our CTI analysts and researchers have published a technical analysis of this new malicious JavaScript framework on our blog. In that article, you'll learn about the ClearFake installation steps, the malware installed on the victim's machine, its C2 infrastructure, and tracking opportunities.
