In a resurgence of an old malware trick, hackers are now using decentralized, anonymous cryptocurrency blockchains to host their malicious files to avoid being taken down by security experts or law enforcement. The scam, known as ClearFake, uses hacked WordPress sites to prompt visitors to update their web browser before viewing content. Once users click on the update button, a malicious file is deposited on their system, attempting to install an information-stealing trojan. Recent reports show that the malware is now being stored as cryptocurrency transactions on the Binance Smart Chain, making it harder to track and take down. This method allows attackers to retrieve the malicious payload without leaving traces.
https://krebsonsecurity.com/2023/10/the-fake-browser-update-scam-gets-a-makeover/