Intel Name: EtherHiding popups still active
Date of Scan: September 9, 2024
Impact: High
Summary: We continue to find websites with injected code that uses “EtherHiding” to create popup windows for fake browser updates. This issue has been observed in infection chains known as “ClearFake” and “ClickFix,” though we have not yet identified the specific malware associated with this chain. For details on a ClickFix infection chain reported in June 2024, visit: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-24-IOCs-for-ClickFix-pushing-Lumma-Stealer.txt
Further information on EtherHiding techniques can be found at:
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16