Kevin Beaumont on Nostr: ClearFake are going in heavy on getting users to run commands for initial access. ...
ClearFake are going in heavy on getting users to run commands for initial access.
Aside from this blog, they’ve started targeting WordPress sites in Israel and injecting code via Cloudflare workers. Another interesting TTP: storing malicious code in a web3 blockchain service.
Proxy block *.bnbchain.org
https://blog.sekoia.io/clearfakes-new-widespread-variant-increased-web3-exploitation-for-malware-delivery/
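One way to act on the "proxy block *.bnbchain.org" advice is to run the same wildcard match over existing proxy logs to see which clients already reached that infrastructure. The following is an added example, not code from the post or from the Sekoia write-up; the log lines are constructed in Squid's native access-log layout, the hostnames in them are made up, and the decision to treat the apex domain as covered by the `*.` pattern is an assumption of this example.

```python
import re
from urllib.parse import urlsplit

# Wildcard domain patterns to block at the proxy. "*.bnbchain.org" is the one
# named in the post; the list is where further patterns would go.
BLOCKED_PATTERNS = ["*.bnbchain.org"]


def host_matches(host: str, pattern: str) -> bool:
    """Return True if host falls under pattern.

    A pattern of the form "*.example.org" matches any subdomain and, by the
    assumption made in this example, the apex "example.org" itself. A bare
    pattern matches exactly. Matching is done on DNS labels, so a look-alike
    such as "evil-bnbchain.org" does NOT match "*.bnbchain.org".
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern


def is_blocked(host: str) -> bool:
    return any(host_matches(host, p) for p in BLOCKED_PATTERNS)


def destination_host(url_field: str) -> str:
    """Extract the destination host from a proxy log URL field.

    CONNECT requests log "host:port" with no scheme; other methods log a full
    URL. Both forms are handled.
    """
    if "://" in url_field:
        return urlsplit(url_field).hostname or ""
    return url_field.rsplit(":", 1)[0]


# Constructed sample lines (not real traffic) in Squid native format:
# timestamp elapsed client action/code size method URL ident hierarchy/from type
SAMPLE_LOG = """\
1700000000.123    210 10.0.0.5 TCP_TUNNEL/200 4521 CONNECT rpc.bnbchain.org:443 - HIER_DIRECT/203.0.113.10 -
1700000001.456     80 10.0.0.7 TCP_MISS/200 1337 GET http://www.example.com/ - HIER_DIRECT/203.0.113.11 text/html
1700000002.789     95 10.0.0.5 TCP_MISS/200 900 GET https://evil-bnbchain.org/x.js - HIER_DIRECT/203.0.113.12 application/javascript
1700000003.000    100 10.0.0.9 TCP_TUNNEL/200 300 CONNECT bnbchain.org:443 - HIER_DIRECT/203.0.113.13 -
"""

# Fields separated by runs of whitespace; we need client (index 2) and URL (index 6).
FIELD_SPLIT = re.compile(r"\s+")


def flag_lines(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, destination_host) for every request to a blocked domain."""
    hits = []
    for line in log_text.splitlines():
        fields = FIELD_SPLIT.split(line.strip())
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than crash
        client, url_field = fields[2], fields[6]
        host = destination_host(url_field)
        if host and is_blocked(host):
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    for client, host in flag_lines(SAMPLE_LOG):
        print(f"{client} reached blocked domain {host}")
```

The look-alike line (`evil-bnbchain.org`) is deliberately in the sample: a naive `endswith("bnbchain.org")` would flag it, while label-aware matching does not, and the same label-aware rule is what a proxy blocklist entry should implement so it neither over-blocks nor misses `CONNECT` tunnels that log only `host:port`.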