New malware
A new malware masquerading as ClearMic, a legitimate microphone noise suppression application, has been identified. This malicious software is a Remote Access Trojan (RAT) that logs keystrokes, captures screens, hijacks clipboard data, records microphone audio, and exfiltrates this information to a remote server. It also deletes Windows Shadow Copies to hinder file recovery, a behavior typical of ransomware. The malware detects sandbox environments to evade analysis. Users who have installed this malware are advised to disconnect from the internet, run anti-malware tools, and change passwords from a clean device.
AI Analysis
Technical Summary
The threat is a RAT disguised as ClearMic, a Windows 10/11 microphone noise suppression app. It installs a hidden executable that performs extensive surveillance and data exfiltration, including keystroke logging, screen capture, clipboard hijacking, and microphone recording. It also deletes Windows Shadow Copies to prevent recovery of files. The malware includes sandbox detection to avoid analysis. The source of this information is a Reddit post with a sandbox analysis link. No CVE or vendor advisory is available. No known exploits in the wild have been reported.
Potential Impact
If executed, the malware compromises user privacy by capturing sensitive input and audio data and sending it to a remote server. It also impedes recovery by deleting shadow copies, increasing the risk of data loss. Credential theft and unauthorized access to accounts are likely consequences. The malware's stealth features, such as sandbox detection, increase the difficulty of detection and analysis.
Mitigation Recommendations
No official patch or vendor advisory is available. Users are advised not to download or run software from clearmic.net. If already infected, immediately disconnect from the internet, run a reputable anti-malware tool such as Malwarebytes, and change all passwords from a separate, clean device. Awareness and caution regarding software sources are critical to avoid infection.
New malware
Description
A new malware masquerading as ClearMic, a legitimate microphone noise suppression application, has been identified. This malicious software is a Remote Access Trojan (RAT) that logs keystrokes, captures screens, hijacks clipboard data, records microphone audio, and exfiltrates this information to a remote server. It also deletes Windows Shadow Copies to hinder file recovery, a behavior typical of ransomware. The malware detects sandbox environments to evade analysis. Users who have installed this malware are advised to disconnect from the internet, run anti-malware tools, and change passwords from a clean device.
Reddit Discussion
clearmic.net is malware, do not download it
Someone sent me this site asking if it was legitimate. I ran the installer in a sandbox and it's a RAT.
It looks like a mic clarity app but bundles a hidden second executable that runs in the background. Here's what it actually does: logs your keystrokes, captures your screen, hijacks your clipboard, records microphone audio, and sends everything out to a remote server encrypted. It also deletes Windows Shadow Copies which is standard ransomware behaviour to stop you recovering your files.
It actively checks if it's running in a sandbox too, which is why I'm glad I tested it before running it on a real machine.
Full sandbox analysis if you want to dig into it yourself: https://tria.ge/260621-vsjxnaet4k/behavioral2
If you already ran this, disconnect from the internet and run Malwarebytes immediately. Change your passwords from a different device, especially Discord, email, and anything with saved credentials in your browser.
Spread this around so people don't get caught out.
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The threat is a RAT disguised as ClearMic, a Windows 10/11 microphone noise suppression app. It installs a hidden executable that performs extensive surveillance and data exfiltration, including keystroke logging, screen capture, clipboard hijacking, and microphone recording. It also deletes Windows Shadow Copies to prevent recovery of files. The malware includes sandbox detection to avoid analysis. The source of this information is a Reddit post with a sandbox analysis link. No CVE or vendor advisory is available. No known exploits in the wild have been reported.
Potential Impact
If executed, the malware compromises user privacy by capturing sensitive input and audio data and sending it to a remote server. It also impedes recovery by deleting shadow copies, increasing the risk of data loss. Credential theft and unauthorized access to accounts are likely consequences. The malware's stealth features, such as sandbox detection, increase the difficulty of detection and analysis.
Mitigation Recommendations
No official patch or vendor advisory is available. Users are advised not to download or run software from clearmic.net. If already infected, immediately disconnect from the internet, run a reputable anti-malware tool such as Malwarebytes, and change all passwords from a separate, clean device. Awareness and caution regarding software sources are critical to avoid infection.
Technical Details
- Source Type
- Subreddit
- Malware
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":35,"reasons":["external_link","newsworthy_keywords:malware","established_author"],"isNewsworthy":true,"foundNewsworthy":["malware"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a3a6ce4eed863c81ee6de4d
Added to database: 06/23/2026, 11:24:20 UTC
Last enriched: 06/23/2026, 11:24:26 UTC
Last updated: 06/23/2026, 12:09:03 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.