ClearFake Campaign Infects 9,300 Sites Using Fake Verifications

Threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications to trick users into downloading malicious software such as Lumma Stealer and Vidar Stealer. ClearFake, first identified in July 2023, is a threat activity that uses web browser update lures on compromised WordPress sites to distribute malware. This campaign has infected 9,300 sites.