Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews

North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data, and fund the regime’s programs.\n\nIt is worth noting that the hackers trick job seekers through a social engineering technique called ClickFix. This involves luring victims to a fake interview website where they are presented with a fabricated error, such as a camera issue. They are then instructed to copy and paste command lines to fix the problem, unknowingly deploying malware.\n\nAttacks are carried out using a special tool, named ContagiousDrop, which is designed to deliver malware disguised as software updates. It’s smart enough to identify if a victim is using Windows, macOS, or Linux and then sends the correct type of malware.\n\nThe research, shared with Hackread.com, reveals that hackers use these platforms to monitor their own domains and avoid detection. Significant operational security (OPSEC) failures exposed files and directory contents, allowing researchers to piece together their timeline and methods.\n\nTo read the complete article see: Hack Read 😱