In early 2024, Guardio researchers tracked ClearFake, an attack where compromised high-SEO WordPress sites delivered fake “Browser update” pop-ups. Victims were tricked into downloading …

During the process, a malicious JavaScript code or malicious plugin is executed and the visitor is redirected to a fake update page. They are then instructed to install the malware, disguised as a …

Oct 16, 2023 · First seen in the wild in July 2023, ClearFake is another “fake updates” threat that quickly became widespread due to the effective lure targeting a wide audience, as well as the …

We collect a dataset of over 5,700 cryptojacking web-sites and analyze their distribution across the top-level domains (§3). and develop models for cryptojacking detection. We apply supervised …

Jul 23, 2025 · Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404 (based on the observed payload name, associated domain, …

Feb 26, 2025 · This post dive into Fake Browser Update Attacks, the payloads they deliver, and detection opportunities within the Google SecOps platform. Check out other installments to the series …

We discovered that criminals have chosen third-party software – such as WordPress – as their new method for spreading cryptojacking infections efficiently.

Mar 7, 2024 · To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic …

To the best of our knowledge, this paper is the first systematic study on web cryptojacking. To answer the above questions, the first task is to identify such cryptojacking webpages at scale. This task …

Feb 3, 2023 · The proposed approach performs the real-time detection and prevention of in-browser cryptojacking malware, using the blacklisting technique and statistical code analysis to identify …