Lazarus Strikes Again: Fake Job Interviews Cost Crypto Developers Billions
Lazarus has a new trick up their sleeve: the ClickFix technique. This North Korea-linked APT group is luring cryptocurrency developers with fake job interviews, only to install malware. With $1.5 billion stolen from Bybit in March 2025, these cybercriminals are proving that even job seeking can be hazardous to your (digital) health.
Hot Take:
Oh, Lazarus, you sly foxes! From pretending to be job recruiters to setting up fake interviews, the Lazarus group seems to have mastered the art of catfishing in the digital age. One must wonder if their next campaign is going to involve LinkedIn endorsements or perhaps even a few unsolicited skill recommendations. Who knew that job hunting could be this dangerous? Time to update that resume and your antivirus software!
Key Points:
- Lazarus, a North Korean APT, uses the ClickFix technique to deliver malware via fake job opportunities for crypto developers.
- The group has stolen $2 billion in virtual assets in 2023-2024, including $1.5 billion from Bybit in March 2025.
- Fake job interviews involve impersonating entities like Coinbase, Ripple, and KuCoin Exchange.
- The infection involves a Go backdoor called GolangGhost, allowing attackers to control infected systems.
- The campaign targets non-technical roles in business development and asset management.