ClearFake: The New Threat to Online Integrity

What is ClearFake?

As the challenge of DeepFake persists, a new concern has surfaced known as ClearFake. Is it dangerous? Of course, it is. Researchers have warned Mac, Windows and other OS users about this emerging threat. So, what is ClearFake? Let’s explore everything in detail in this blog post.

Randy McEoin, a cybersecurity researcher, shed light on a recent malicious JavaScript framework that has been deployed on compromised websites to distribute additional malware through the drive-by download technique. His analysis, published on August 26, 2023, attributed the name “ClearFake” to the clear text JavaScript injected into these compromised websites.

In early 2023, researchers identified a new cyber threat called Atomic macOS Stealer (AMOS), an advanced malware designed to target Apple users. However, this doesn’t imply that Windows and other operating systems are immune to potential risks.

Once installed, the AMOS malware can steal sensitive data from your infected device and get you into trouble. Examples of compromised data include credit card numbers, cryptocurrency wallet passwords, iCloud Keychain passwords, and more.

A recent revelation indicates that hackers use a fake browser update chain named “ClearFake” to infect Mac users with AMOS malware.

How does ClearFake Work?

ClearFake, a form of DeepFake, uses machine learning to manipulate images and videos, making them look authentic. It uses techniques like image splicing, facial recognition, and voice synthesis. It also poses risks like misinformation dissemination, fake news fabrication, and impersonation.

Malwarebytes reports hackers using the ClearFake technique to infect Mac users with AMOS. ClearFake was discovered in Windows attacks and distributed as fake Safari and Chrome updates on compromised websites.

Attackers are extending their reach by using this growing network of compromised websites. They potentially acquire sensitive data and login credentials from users downloading the virus; this data can be exploited for future attacks or immediate financial gain.

How does ClearFake threaten Mac and other OS?

ClearFake is spreading AMOS (Atomic macOS Stealer) malware, which steals data specifically from Apple systems and macOS-based devices. Still, it equally poses a significant threat to Windows and other operating systems.

Attackers use fraudulent websites to inject malicious JavaScript code. Users visiting these sites will see fake prompts masquerading as official Safari or Chrome browser updates, designed to encourage them to initiate the download and install AMOS malware.

After clicking the false update link, users are redirected to a site that discreetly installs AMOS malware on their systems. Once installed, AMOS infiltrates the victim’s system invisibly, gaining unauthorized access to sensitive data to steal iCloud Keychain passwords, credit card numbers, cryptocurrency wallets, and more.
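For site owners, the injection step described above is the place to catch ClearFake early. The following is an added example, not code from the original post or from any researcher's tooling: it audits a page's `<script>` tags against a baseline and flags scripts from unknown hosts or unknown inline scripts that contain browser-update wording. The allowed hosts, the inline-script baseline, the lure pattern and the sample page are all assumptions constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed baseline (hypothetical values): hosts allowed to serve scripts, digests
# of inline scripts the owner deployed, and update-prompt wording to look for.
ALLOWED_HOSTS = {"", "cdn.example.com"}  # "" means a same-origin relative URL
KNOWN_INLINE = {hashlib.sha256(b"initMenu();").hexdigest()}
LURE = re.compile(r"(chrome|safari|edge|firefox).{0,40}(update|outdated)"
                  r"|(update|outdated).{0,40}(chrome|safari|edge|firefox)", re.I | re.S)

class ScriptAudit(HTMLParser):
    """Collects every <script> on a page and flags those outside the baseline."""
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []  # buffer the inline script body
        elif urlparse(src).netloc.lower() not in ALLOWED_HOSTS:
            self.findings.append(("unknown-host", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self._inline is None:
            return
        body, self._inline = "".join(self._inline).strip(), None
        if body and hashlib.sha256(body.encode()).hexdigest() not in KNOWN_INLINE:
            kind = "inline-lure" if LURE.search(body) else "inline-unknown"
            self.findings.append((kind, body[:60]))

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page: three baseline scripts plus two injected ones.
SAMPLE = """<script src="/static/app.js"></script><script>initMenu();</script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://injected.example.net/u.js"></script>
<script>showOverlay("Your Chrome is outdated. Install the update.");</script>"""
print(audit(SAMPLE))
```

The lure pattern is only a triage label; any script outside the baseline deserves review whether or not it matches.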

ClearFake’s adaptability compounds the problem, as it targets both macOS and Windows users. This highlights how cyber-attack techniques keep evolving and underscores the need for increased awareness and proactive measures.

How is ClearFake Different from DeepFake?

In DeepFake, attackers use machine learning and AI techniques to manipulate photos and videos to deceive individuals. Fraudsters often use DeepFake technology to blackmail unsuspecting victims with fabricated content, damaging their reputations.

Meanwhile, ClearFake is a malicious JavaScript framework used on compromised websites to deliver additional malware using the drive-by download technique. This entails distributing fake Edge, Safari, Chrome, and Mozilla Firefox browser updates via compromised websites.

How to Safeguard Yourself from ClearFake?

To safeguard your system against ClearFake, consider the following precautions:

  1. Use reliable sources for downloading or updating software; avoid downloading from untrusted or unknown sources.
  2. Exercise caution when prompted to bypass macOS Gatekeeper protections. If an app suggests circumventing these safeguards, proceed carefully.
  3. Verify the legitimacy of an app before installation from sources other than the Mac App Store or other trusted platforms. Check the website’s creation date to ensure authenticity.
  4. Regularly update operating systems and software to address security vulnerabilities and implement the latest security measures.
  5. Update browsers such as Safari or Chrome only from their official sources.
  6. Use authentic antivirus or anti-malware software to mitigate the threat of ClearFake.


The rising cases of ClearFake signal a significant shift in the landscape of digital threats in recent times. As we navigate this new online threat, vigilance, cybersecurity measures, and increased awareness become imperative in mitigating the potential consequences of ClearFake’s unleashed capabilities.


Anjali Goyal

Anjali Goyal is a content writer at TechEela. She helps businesses increase their online presence with optimized and engaging content. Her service includes blog writing, technical writing, and digital marketing.
