Lazarus Hacks Job Seekers: Beware of ClickFix Malware in Crypto Industry!
The notorious North Korean Lazarus hacking group is at it again, now using ‘ClickFix’ tactics to target job seekers in the cryptocurrency industry, especially centralized finance (CeFi). By faking errors and offering “fixes,” they trick users into running malware. Beware job offers with a side of malware—Lazarus isn’t hiring, they’re hacking!

Hot Take:
Ah, the good old Lazarus group is back, trying to hack your dreams of a lucrative crypto career with their new ClickFix magic trick! Forget phishing emails, now it’s all about fake job interviews that might just end up stealing more than your time. Maybe job seekers should start adding “cybersecurity ninja” to their list of required skills, right after “proficient in Microsoft Office.” Who knew job hunting could be this hazardous?

Key Points:
- The Lazarus group has evolved its tactics from ‘Contagious Interview’ to ‘ClickFix’ to deploy malware.
- ClickFix involves fake error prompts urging victims to run harmful PowerShell commands.
- Targets include job seekers in the crypto industry, now focusing on non-technical roles.
- Victims are tricked into running OS-specific commands that download Go-based malware.
- Sekoia provides YARA rules and indicators to help detect and block these attacks.