FlagThis

The North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). This involves tricking users into performing actions, such as clicking on fake error messages, that ultimately execute malicious commands. Researchers have uncovered that the Lazarus Group is now using fake job interviews on platforms like LinkedIn and X (formerly Twitter) as part of their "ClickFake Interview" campaign to distribute malware.

Researchers are also reporting that victims are directed to fake interview websites, where they are prompted to fill out forms and enable their cameras. The malware, identified as “ClickFix,” enables remote access to the victim’s system, allowing Lazarus to steal sensitive data, including cryptocurrency wallet credentials. Once the malicious tool is installed, attackers can execute arbitrary commands, exfiltrate data and maintain persistent access to compromised systems.

ImgSrc: www.bleepstatic

References :

• bsky.app: The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi).
• BleepingComputer: North Korean hackers adopt ClickFix attacks to target crypto firms
• Cyber Security News: Hackers Exploit Zoom Installer to Gain RDP Access and Launch BlackSuit Ransomware Attack
• bsky.app: Lazarus adopts ClickFix technique.
• Cyber Security News: Lazarus Hackers Use Fake Interviews “ClickFake†to Infect Windows & macOS with GO Malware
• : New “ClickFake Interview†campaign attributed to the Lazarus Group targets crypto professionals with fake job offers

Classification:

• HashTags: #LazarusGroup #ClickFix #Crypto
• Company: BleepingComputer
• Target: Crypto Firms
• Attacker: Lazarus Group
• Product: Zoom
• Feature: ClickFix
• Malware: BlackSuit
• Type: Ransomware
• Severity: Major