ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations
ID: 1be73234-6099-5018-b1ff-cecb7f46f283
STIX ID: report--1be73234-6099-5018-b1ff-cecb7f46f283
Feed Name: GBHackers
ClearFake is an active, ongoing campaign that leverages BNB Smart Chain testnet smart contracts as an immutable C2 to deliver browser-executed malicious JavaScript, which fetches payloads directly from on-chain storage. The campaign deploys SectopRAT (a .NET RAT) and ACRStealer (a C++ infostealer), uses social-engineering overlays and clipboard hijacking on Windows and macOS, and employs fileless and DLL sideloading techniques. It even records successful infections to a tracking smart contract, demonstrating a sophisticated, resilient blockchain-based C2 that evades traditional takedown methods.
